SMB File transfers Bypassing TDI?

OSR_Community_User · December 5, 2003, 6:53am

Hi,

I am investigating the working of SMB protocol and
Windows file sharing mechanism. I have been looking
into the process of file transfer from one windows
share to another. I am working on TDI interface in
order to study the protocol device behaviour.

I have used TDImon utility (www.sysinternals.com) to
analyse the TDI requests made by the application in
order to fetch/send the file contents.
When i am trying to receive/send a file from remote
share, i do see many SMB protocol negotiations
(request/response) happening in ethereal packet
sniffer. But i DONT see any TDI write requests (in the
form of TDI_SEND) happening at local machine. My
understanding is if there is a data packet going out
on wire, there should be a TDI request coming on the
tcpip device; which is not shown in TDImon utiltiy.
All i see is only receive events getting generated.

I am also using a sample TDI filter driver to
investigate the TDI requests on my own. I couldnt see
DeviceDispatch function getting called for tcpip
device in this case.

Can anybody tell me how does smb bypass TDI layer and
send the packets directly to ndis miniport.

thanks
uday

Yahoo! India Matrimony: Find your partner online.
Go to http://yahoo.shaadi.com

OSR_Community_User · December 5, 2003, 10:10am

I think TDImon must be wrong, because one can see a lot of TDI requests
coming from NETBT when you use SMB.

-----Mensaje original-----
De: Uday [mailto:xxxxx@yahoo.co.in]
Enviado el: viernes, 05 de diciembre de 2003 12:52
Para: Windows System Software Devs Interest List
Asunto: [ntdev] SMB File transfers Bypassing TDI?

Hi,

I am investigating the working of SMB protocol and
Windows file sharing mechanism. I have been looking
into the process of file transfer from one windows
share to another. I am working on TDI interface in
order to study the protocol device behaviour.

I have used TDImon utility (www.sysinternals.com) to
analyse the TDI requests made by the application in
order to fetch/send the file contents.
When i am trying to receive/send a file from remote
share, i do see many SMB protocol negotiations
(request/response) happening in ethereal packet
sniffer. But i DONT see any TDI write requests (in the
form of TDI_SEND) happening at local machine. My
understanding is if there is a data packet going out
on wire, there should be a TDI request coming on the
tcpip device; which is not shown in TDImon utiltiy.
All i see is only receive events getting generated.

I am also using a sample TDI filter driver to
investigate the TDI requests on my own. I couldnt see
DeviceDispatch function getting called for tcpip
device in this case.

Can anybody tell me how does smb bypass TDI layer and
send the packets directly to ndis miniport.

thanks
uday

Yahoo! India Matrimony: Find your partner online.
Go to http://yahoo.shaadi.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@pandasoftware.es
To unsubscribe send a blank email to xxxxx@lists.osr.com

Maxim_S_Shatskih · December 5, 2003, 10:28am

Maybe TDIMon is broken, or you have installed it incorrectly.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Uday”
To: “Windows System Software Devs Interest List”
Sent: Friday, December 05, 2003 2:52 PM
Subject: [ntdev] SMB File transfers Bypassing TDI?

> Hi,
>
> I am investigating the working of SMB protocol and
> Windows file sharing mechanism. I have been looking
> into the process of file transfer from one windows
> share to another. I am working on TDI interface in
> order to study the protocol device behaviour.
>
> I have used TDImon utility (www.sysinternals.com) to
> analyse the TDI requests made by the application in
> order to fetch/send the file contents.
> When i am trying to receive/send a file from remote
> share, i do see many SMB protocol negotiations
> (request/response) happening in ethereal packet
> sniffer. But i DONT see any TDI write requests (in the
> form of TDI_SEND) happening at local machine. My
> understanding is if there is a data packet going out
> on wire, there should be a TDI request coming on the
> tcpip device; which is not shown in TDImon utiltiy.
> All i see is only receive events getting generated.
>
> I am also using a sample TDI filter driver to
> investigate the TDI requests on my own. I couldnt see
> DeviceDispatch function getting called for tcpip
> device in this case.
>
> Can anybody tell me how does smb bypass TDI layer and
> send the packets directly to ndis miniport.
>
> thanks
> uday
>
> ________________________________________________________________________
> Yahoo! India Matrimony: Find your partner online.
> Go to http://yahoo.shaadi.com
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com