Hello Toasters,

In troubleshooting latency issues between our main site and a remote location, we have noticed a lot of traffic going to our filer and erroring out. Each machine in the remote location is trying to get to a file called %username%\c4.log on a filer in our main site, but is unable to find it. Between all 20 users in this site, these events are occurring every minute or two. This traffic is coming from machines running Windows XP and 2000; some of the machines are in our Active Directory domain, some are in our NT 4.0 domain. I can't even find a single application outside of MS Office that they are all using. An example of the packet trace is provided below. Does anyone know what the c4.log is?

Josh J. Gifford MCP
Network Systems Administrator
Siemens PTD
7000 Siemens Rd
Wendell, NC 27591
Office 919.365.2806
Fax 919.365.1080
josh.gifford@siemens.com

SMB command rejected
Object not found

Packet Info
  Flags: 0x00
  Status: 0x01
  Packet Length: 168
  Timestamp: 13:33:15.081093 09/11/2003
Ethernet Header
  Destination: 00:05:5E:E3:98:40
  Source: 00:0A:B7:47:92:F3
  Protocol Type: 0x0800 IP
IP Header - Internet Protocol Datagram
  Version: 4
  Header Length: 5 (20 bytes)
  Type of Service: %00000000
    000. ....  Precedence: Routine
    ...0 ....  Normal Delay
    .... 0...  Normal Throughput
    .... .0..  Normal Reliability
    .... ..0.  ECT bit - transport protocol will ignore the CE bit
    .... ...0  CE bit - no congestion
  Total Length: 150
  Identifier: 56937
  Fragmentation Flags: %010
    0..  Reserved
    .1.  Do Not Fragment
    ..0  Last Fragment
  Fragment Offset: 0 (0 bytes)
  Time To Live: 128
  Protocol: 6 TCP - Transmission Control Protocol
  Header Checksum: 0x4ED9
  Source IP Address:
  Dest. IP Address:
  No IP Options
TCP - Transport Control Protocol
  Source Port: 1060 polestar
  Destination Port: 139 netbios-ssn
  Sequence Number: 266124745
  Ack Number: 2144399882
  Offset: 5 (20 bytes)
  Reserved: %000000
  Flags: %011000
    0. ....  (No Urgent pointer)
    .1 ....  Ack
    .. 1...  Push
    .. .0..  (No Reset)
    .. ..0.  (No SYN)
    .. ...0  (No FIN)
  Window: 16743
  Checksum: 0x7ADF
  Urgent Pointer: 0
  No TCP Options
CIFS Header
  Reserved: 0x0000
  Length: 106
SMB - Server Message Block Protocol
  ID: SMB
  Command Code: 50 Transaction2 - Function, Byte In/Out
  NT Status: 0x00000000 STATUS_SUCCESS
  Flags: 0x18
    .... ...0  Does Not support Lock and Read/Write and Unlock
    .... ..0.  Reserved (Must be zero)
    .... .0..  Reserved (Must be zero)
    .... 1...  Pathnames are without case
    ...1 ....  Pathnames are already in canonicalized format
    ..0. ....  Do not request opportunistic lock
    .0.. ....  Do not notify consumer on any modify action
    0... ....  Request
  Flags2: 0xC807
    .... .... .... ...1  Application understands long file names
    .... .... .... ..1.  Application understands extended attributes
    .... .... .... .1..  Use message authentication
    .... .... .... 0...  Reserved for future use
    .... .... .0.. ....  Is not long name
    .... 1... .... ....  Client aware of extended security
    ...0 .... .... ....  Application is NOT DFS Capable
    ..0. .... .... ....  Application does NOT do Paging I/O
    .1.. .... .... ....  Application understands NT Status Codes
    1... .... .... ....  Application understands Unicode Strings
  Reserved: ............ 00 00 00 00 00 00 00 00 00 00 00 00
  Tree ID (TID): 0x0048
  Process ID (PID): 0x0490
  User ID (UID): 0x0800
  Multiplex ID (MID): 0xEC43
SMB Transaction2 - Function, Byte In/Out Request
  Word count: 15
  Total Param Bytes: 38
  Total Data Bytes: 0
  Param Bytes To Recv: 2
  Data Bytes To Recv: 40
  Setup Bytes To Recv: 0
  Reserved: 0x00
  Flags: 0x0000
  Timeout (millisec.): 0
  Reserved: 0x0000
  Params This Buffer: 38
  Params Bytes Offset: 68
  Data This Buffer: 0
  Data Bytes Offset: 0
  Setup Word Count: 1
  Reserved: 0x00
  Setup Words: 0x0500
  Byte Count: 41
  Padding: 0x00000000
Trans2 Query Path Information: Get File Attributes Given Path
  Information Level: 257 Query File Basic Info
  Reserved 0 Must be zero
  Filename: \markspa\C4.LOG
FCS - Frame Check Sequence
  FCS (Calculated): 0xE189B91C