I would like to read about SMB_FS_INFO_0x requests. I've tried poking through: [MS-SMB2], [MS-FSCC], and [MS-FSMOD] -- no dice. Suggestions?

In particular, I'm seeing hard-to-believe 'Date Created' timestamps associated with a file in the traces I'm examining. Specifically, I want to know how the 'Created' time stamp is encoded in an SMB_FS_INFO_01 Response.

I have two frames of interest: in one, the time stamp is encoded as '1' ... which suggests either a bug or perhaps that '1' connotes some special value, like 'unknown'. [Wireshark says "Time can't be converted".] And in the other, Wireshark displays this date as Aug 26, 25218 01:56:06.230304100. Hard to believe.

The hex for the timestamp is 4163717572696e67 ... probably not Unix epoch seconds (Oct 29, 2130) ... probably not in Unix epoch nanoseconds (Mar 17 1983) ...

Anyway, I want to read what Microsoft says this field should contain.

--sk

asked 22 Aug '14, 08:07 skendric
OK, I figured this out. MS-SMB2 calls this 'SMB2 Query Info', whereas Wireshark calls it 'SMB_FS_INFO' ... I'm happily reading the relevant protocol spec now ... :)
--sk
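
An added example, not part of the original posts: a Python decoder for the 8 bytes quoted in the question, assuming the field is a Windows FILETIME (a little-endian 64-bit count of 100 ns intervals since 1601-01-01 UTC). The plausibility window, the reading of the "1" frame as the raw value 1, and all function and constant names are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta

TICKS_PER_SEC = 10_000_000       # FILETIME unit is 100 ns
DAYS_PER_400Y = 146_097          # Gregorian calendar repeats every 400 years
EPOCH = datetime(1601, 1, 1)     # FILETIME epoch, UTC
PLAUSIBLE_YEARS = range(1980, 2101)  # assumption: sanity window for a volume

# The 8 bytes quoted in the question, in the order they appear in the hex dump.
SAMPLE = bytes.fromhex("4163717572696e67")
# Constructed: assumes the "1" in the other frame is the raw 64-bit value 1.
ONE_TICK = struct.pack("<Q", 1)


def decode_filetime(wire: bytes) -> dict:
    """Decode 8 wire bytes as a little-endian FILETIME and flag oddities."""
    if len(wire) != 8:
        raise ValueError("a FILETIME is exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", wire)
    secs, frac = divmod(ticks, TICKS_PER_SEC)
    days, sec_of_day = divmod(secs, 86_400)
    # datetime stops at year 9999, so fold out whole 400-year cycles first.
    cycles, rem_days = divmod(days, DAYS_PER_400Y)
    d = EPOCH + timedelta(days=rem_days, seconds=sec_of_day)
    year = d.year + 400 * cycles
    printable = all(0x20 <= b <= 0x7E for b in wire)
    return {
        "ticks": ticks,
        "utc": f"{year}-{d:%m-%d %H:%M:%S}.{frac * 100:09d} UTC",
        "plausible": year in PLAUSIBLE_YEARS,
        # Eight printable bytes in a timestamp slot suggest text, not a time.
        "ascii": wire.decode("ascii") if printable else None,
    }


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("one tick", ONE_TICK)):
        print(label, decode_filetime(raw))
```

The date and sub-second digits for the sample match what Wireshark displayed; the hour is printed in UTC, whereas Wireshark shows capture-host local time.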