SMB2 protocol? Δυσκολάκι

????µe t? pa?a??t? se?????:
???st?? µe Office 2007 p??spa?e? ?a a????e? excel files ap? ??p??? unc path (smb network share, \\server1). ?a .xlsx a??????? ????? p??ß??µa e?? ta .xls ??e?????ta? pe??p?? 1 ?ept? ap? ?d?? p??ta share.

E????? t? s?µp??asµa p?? p??? eµe?? st?? Microsoft ??t? ????µe a????e? st? Office 2007 ?a? d?µ?????e? a?t? ta p??ß??µata. St?? p??????µe?? p??tas? de? e?µa? a???t????, s?µßa????? ?? a?t? ap?? µ??e? ?a ap?de???e? ????a?.

Se pa??µ??e? pe??pt?se?? ta p???µata e??a? s?et??? e????a ??at? a?t? p?? ??e?a??µaste e??a? 2 traces, ??a ap? t?? s?st? ?a? de?te?? ap? t?? p??ß??µat??? ?e?t?????a, ?ste ?a ?????µe s?????s? µeta?? t??? ?a? ?a ß?e?e? t? e??a? a?t? p?? s?µßa??e? ? de s?µßa??e? st?? p??ß??µat??? pe??pt?s?.

??s??????

? t?t??? ??e? ?a ???e? ?a?a?? µe t? ?e?t?????a t?? p??t??????? SMB t? ?p??? e??a? s?et??? pe??p???? ?ste ?a ?ataf??e? ?a ???e? ?t? ???e? ??a eµ??. ??? st?????? ???p?? ta 2 network traces, ??a ??a ???e pe??pt?s? (p??ß??µat??? & ??) ?p?te ??a ?a d?e?e???s? t? p??ß??µa ??a?a ta e??? ß?µata:

1. ?p?µ????? t? tcp connection p?? ???s?µ?p??????e ??a t?? µetaf??? t?? .xls & .xlsx a??e??? se ???e ??a ap? ta traces ?a? ap????e?? se ??? a??e??. ??t? ???eta? a?a??t??ta? st? st??? Info t? a??e?? p?? µetaf?????e (test_MS.xls & test_MS.xlsx) ?a? ep??????ta? right click –> follow tcp stream. ?et? ap????e?? µ??? ta displayed packets.

2. ???????µe ta 2 ??a p???? traces µe t? wireshark ?a? ???s?µ?p????µe display filter “smb2” . ??t? t? ?????µe ??at? ?????µe ?a ep??e?t?????µe sta smb commands p?? ???s?µ?p??????a?. SMB2 e??a? ? ??a ??d?s? t?? smb ?a? ???s?µ?p??e?ta? µeta?? ?e?t???? ?e?t????????.

3. ?pe?ta ep??????µe

File –> Print (?a? print!) ?a? ep??????µe ?p?? fa??eta? st?? e????a, output to txt file ?a? µ??? “Packet Summary Line”

?ts? ?ata?????µe se txt file ?p?? e?e? ???t?sa t?? st??e? Source, Destination & Info. ?p?te p???? a??????µe ta 2 txt files ?a? s????????µe µe ??p??? notepad compare tool.

??t? p?? fa??eta? st?? pa?a??t? e????a e??a? ? s?????s? µeta?? t?? 2 trace files. ???a? d?s???? ?a µ?? p??s????µe ?t? ??t? s?µßa??e? st? de??? µe??? ?p?? p??ß???eta? ? p??ß??µat??? ?e?t?????a.

?p???e? µe????? a???µ?? ap? Lock Request File: & Lock Response. ??at?????ta? st? documentation ß??s?? p?? a?t? p?? ß??p? e??a? OPLOCK_Break Notification ?p?? ?ts? ? server e??µe???e? t?? client ?t? de? µp??e? ?a “??e?d?se?” t? a??e??.

????µe ?a ?????µe µe ??t? p?? s?µßa??e? st? server ?a? d?µ?????e? p??ß??µata st?? p??sßas? t?? .xls a??e???. ?? p??t? p???µa p?? p??e t? µ?a?? µ??, t??a??; ?ta? t? Antivirus ?a? ß?ßa?a ?ta? ? pe??t?? ??a?e exclude ta *.xls ap? t? AV ? ?a??st???s? e?afa??st??e.

??ßa?a a?t? de? e??a? ??s? a??? workaround ??at? ?ts? d?µ???????µe ???a ?e?? asfa?e?a?, ?p?? ?ata?aßa??ete.

?p?? e?pa ?a? pa?ap??? t? SMB e??a? p???p???? p??t?????? µe t?? ?????a ?t? pe????e? µe???? p????? ap? e?t???? ?a? ?e?t?????e?. Se ?se? pe??pt?se?? ??e? ??e?aste? ?a ???e? troubleshoot t? smb t?te a?at???? st? ep?s?µ? documentation https://msdn.microsoft.com/en-us/library/cc216517(PROT.10).aspx. ?p??e?te ?a ???ete download ta 2 files ap? t?? pa???t? d?e????se??:

• Windows Communication Protocols (MCPP) download package

• Windows Server Protocols (WSPP) download package

Sta pdf p?? ?a ß?e?te ?p???e? pe????af? ??a ???e ?e?t?????a t?? windows protocols. ???a? ??t? sa? Windows RFCs!

?e t?? pa?ap??? pe????af? ??e?a ?a pa???s??s? e?a??a?t??? t??p? s?????s?? 2 network traces.