This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SMB2 and Ioctl STATUS_NOT_FOUND

0

Hello,

I did a packet capture of a computer that boots and logs in on a corporate network. The client is Windows 7 and I think that the servers are Windows 2008. There are a few lines that I do not understand. See the screenshot:

http://postimg.org/image/zfqzmva0r/

Packet 978 is an Ioctl Request for a file on a server. Why does the server name have only one backslash? Should it not say \ \ before the servername instead of \?

Packet 979 gives Error: STATUS NOT FOUND. What does that mean? It looks to me as if it's working as supposed to anyway, looking at the packets right after the error.

Does anyone have an explanation?

asked 08 Mar '15, 15:44

Farid's gravatar image

Farid
6112
accept rate: 0%