Hello Toasters,
In troubleshooting latency issues between our main site and a remote location, we have noticed a lot of traffic going to our filer and erroring out. Each machine in the remote location is trying to get to a file called \%username%\c4.log on a filer in our main site, but is unable to find it. Between all 20 users in this site, these events are occurring every minute or two. This traffic is coming from machines running Windows XP and 2000; some of the machines are in our Active Directory domain, some are in our NT 4.0 domain. I can't even find a single application outside of MS Office that they are all using. An example of the packet trace is provided below. Does anyone know what the c4.log is?
Josh J. Gifford MCP
Network Systems Administrator
Siemens PTD
7000 Siemens Rd
Wendell, NC 27591
Office 919.365.2806
Fax 919.365.1080
josh.gifford@siemens.com
SMB command rejected
Object not found
Packet Info
Flags: 0x00
Status: 0x01
Packet Length: 168
Timestamp: 13:33:15.081093 09/11/2003
Ethernet Header
Destination: 00:05:5E:E3:98:40
Source: 00:0A:B7:47:92:F3
Protocol Type: 0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
000. .... Precedence: Routine
...0 .... Normal Delay
.... 0... Normal Throughput
.... .0.. Normal Reliability
.... ..0. ECT bit - transport protocol will ignore the CE bit
.... ...0 CE bit - no congestion
Total Length: 150
Identifier: 56937
Fragmentation Flags: %010
0.. Reserved
.1. Do Not Fragment
..0 Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 6 TCP - Transmission Control Protocol
Header Checksum: 0x4ED9
Source IP Address: 161.134.199.208
Dest. IP Address: 161.134.194.65
No IP Options
TCP - Transport Control Protocol
Source Port: 1060 polestar
Destination Port: 139 netbios-ssn
Sequence Number: 266124745
Ack Number: 2144399882
Offset: 5 (20 bytes)
Reserved: %000000
Flags: %011000
0. .... (No Urgent pointer)
.1 .... Ack
.. 1... Push
.. .0.. (No Reset)
.. ..0. (No SYN)
.. ...0 (No FIN)
Window: 16743
Checksum: 0x7ADF
Urgent Pointer: 0
No TCP Options
CIFS Header
Reserved: 0x0000
Length: 106
SMB - Server Message Block
Protocol ID: SMB
Command Code: 50 Transaction2 - Function, Byte In/Out
NT Status: 0x00000000 STATUS_SUCCESS
Flags: 0x18
.... ...0 Does Not support Lock and Read/Write and Unlock
.... ..0. Reserved (Must be zero)
.... .0.. Reserved (Must be zero)
.... 1... Pathnames are without case
...1 .... Pathnames are already in canonicalized format
..0. .... Do not request opportunistic lock
.0.. .... Do not notify consumer on any modify action
0... .... Request
Flags2: 0xC807
.... .... .... ...1 Application understands long file names
.... .... .... ..1. Application understands extended attributes
.... .... .... .1.. Use message authentication
.... .... .... 0... Reserved for future use
.... .... .0.. .... Is not long name
.... 1... .... .... Client aware of extended security
...0 .... .... .... Application is NOT DFS Capable
..0. .... .... .... Application does NOT do Paging I/O
.1.. .... .... .... Application understands NT Status Codes
1... .... .... .... Application understands Unicode Strings
Reserved:
............ 00 00 00 00 00 00 00 00 00 00 00 00
Tree ID (TID): 0x0048
Process ID (PID): 0x0490
User ID (UID): 0x0800
Multiplex ID (MID): 0xEC43
SMB Transaction2 - Function, Byte In/Out Request
Word count: 15
Total Param Bytes: 38
Total Data Bytes: 0
Param Bytes To Recv: 2
Data Bytes To Recv: 40
Setup Bytes To Recv: 0
Reserved: 0x00
Flags: 0x0000
Timeout (millisec.): 0
Reserved: 0x0000
Params This Buffer: 38
Params Bytes Offset: 68
Data This Buffer: 0
Data Bytes Offset: 0
Setup Word Count: 1
Reserved: 0x00
Setup Words: 0x0500
Byte Count: 41
Padding: 0x00000000
Trans2 Query Path Information: Get File Attributes Given Path
Information Level: 257 Query File Basic Info
Reserved 0 Must be zero
Filename: \markspa\C4.LOG
FCS - Frame Check Sequence
FCS (Calculated): 0xE189B91C