Enumerating _all_ SMB sessions established by the redirector

Hello,

enumerating SMB sessions that have been established on a local server is
easy, using the ‘net session’ command. Conversely, I would like to know
if it is possible to enumerate all SMB sessions that have been
established by the SMB redirector (mrxsmb).

The ‘net use’ command, which uses the NetUseEnum() API, only reports SMB
sessions that have been established by the current user.

With filemon, I’ve seen that NetUseEnum() uses the
FSCTL_NETWORK_ENUMERATE_CONNECTIONS ioctl on the LanmanRedirector
device. Do you know if it’s possible to use this ioctl to get all SMB
sessions? Is it documented in the IFS KIT?

Enumerating TCP connections to port 139 or port 445 of remote servers is
not enough, as multiple SMB sessions can be multiplexed over one TCP
connection (this is the case with Terminal Server on Windows 2000, if I
remember correctly).

Thanks in advance,

Jean-Baptiste Marchand

xxxxx@hsc.fr
Hervé Schauer Consultants
http://www.hsc.fr/
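
Added example, not part of the original post: the point about multiplexing can be seen on the wire, since every SMB1 message carries a 16-bit UID in its 32-byte header, so one TCP connection can carry traffic for several sessions. The sketch below counts distinct UIDs among headers captured from a single connection; the header bytes, the UID values, and the helper names (smb1_uid, count_sessions, make_hdr, demo) are constructed for illustration, and it assumes SMB1 framing with the NetBIOS session header already stripped.

```c
#include <stdint.h>
#include <string.h>
#define SMB1_HDR_LEN 32  /* fixed SMB1 header size */
#define SMB1_UID_OFF 28  /* 16-bit little-endian UID field */
static const uint8_t SMB1_MAGIC[4] = { 0xFF, 'S', 'M', 'B' };

/* UID of one SMB1 message, or -1 if it is not a complete SMB1 header. */
int smb1_uid(const uint8_t *msg, size_t len) {
    if (len < SMB1_HDR_LEN || memcmp(msg, SMB1_MAGIC, 4) != 0)
        return -1;
    return msg[SMB1_UID_OFF] | (msg[SMB1_UID_OFF + 1] << 8);
}

/* Distinct non-zero UIDs among n back-to-back headers from ONE TCP connection. */
size_t count_sessions(const uint8_t *hdrs, size_t n) {
    uint16_t seen[64];
    size_t nseen = 0;
    for (size_t i = 0; i < n; i++) {
        int uid = smb1_uid(hdrs + i * SMB1_HDR_LEN, SMB1_HDR_LEN);
        if (uid <= 0) continue;  /* malformed, or UID 0: no session yet */
        size_t j = 0;
        while (j < nseen && seen[j] != uid)
            j++;
        if (j == nseen && nseen < 64)
            seen[nseen++] = (uint16_t)uid;
    }
    return nseen;
}

/* Constructed sample data: minimal header with a command code and a UID. */
void make_hdr(uint8_t *h, uint8_t cmd, uint16_t uid) {
    memset(h, 0, SMB1_HDR_LEN);
    memcpy(h, SMB1_MAGIC, 4);
    h[4] = cmd;
    h[SMB1_UID_OFF] = (uint8_t)(uid & 0xFF);
    h[SMB1_UID_OFF + 1] = (uint8_t)(uid >> 8);
}

/* Four constructed headers from a single connection; UIDs are made up. */
size_t demo(void) {
    uint8_t msgs[4][SMB1_HDR_LEN];
    make_hdr(msgs[0], 0x72, 0);       /* SMB_COM_NEGOTIATE, no session */
    make_hdr(msgs[1], 0x75, 0x0800);  /* TREE_CONNECT_ANDX, session A */
    make_hdr(msgs[2], 0x75, 0x0801);  /* TREE_CONNECT_ANDX, session B */
    make_hdr(msgs[3], 0x2E, 0x0800);  /* READ_ANDX, session A again */
    return count_sessions(&msgs[0][0], 4);
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

Here one connection yields two sessions, which is why a count of TCP connections to ports 139/445 undercounts sessions.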