SMB / CIFS Network Protocol

SMB / CIFS Network Protocol
SMB / CIFS Network Protocol
File sharing across heterogeneous
Operating systems
SMB - Server Message Block
CIFS - Common Internet File system
• Network Protocol used in windows OS since Windows for
• used for file sharing on a LAN (using Network
Neighborhood or My Network Places icons)
• Operations such as read,write,create,delete,rename etc can
be done on files located on a remote server
• High level protocol – Application / Presentation layer in
OSI model
• Client – Server
• Remote File
network drives)
• Browsing (Network
• Authentication
(Windows NT, 2000)
• Other Operating
• Unix, Linux – Samba
• Apple computers
• OS/2
• In 1984 IBM (Barry Feigenbaum) created SMB protocol
• IBMdeveloped an API for network communication between hosts on a
subnet NetBIOS API.
• Combined with a transport protocol to be called NetBEUI – NetBIOS
Enhanced User Interface(PC-Network).Other transport protocols used
were DECnet, IPX/SPX, TCP/IP
• In 1988 Microsoft & Intel modified the protocol titled “Core Protocol”
using NetBIOS API for delivery of upper layer CIFS packets
• In 1996 SMB was renamed as CIFS with new features
• SMB / CIFS –NetBIOS over TCP used by Microsoft till windows 2000.
• Windows support 6 different variations of the CIFS protocol. Nearly
100 different operations supported
• Various versions of CIFS packets
• Internet Engineering Task Force and Storage Networking Industry
Association CIFS 1.0 specification …History table
• Samba
NetBIOS over TCP
• NBT (acronym)
specifications were
documented in 1987 in
RFC 1001 & 1002
• Three services are
essential for CIFS
– Name Service
– Session Service
– Datagram Service
Name Service
• Includes Name registration and Name query
• NetBIOS names are human readable computer names
• Just as DNS system in TCP/IP world these names should
be registered and translated to IP address for transport of
• DNS names and IP are statically held in a server, whereas
with NetBIOS the names are registered dynamically when
the computer boots.
• Done by broadcasting or by using NetBIOS name
server(NBNS or WINS)
• Computers are configured to use:
– Broadcast only( b-node)
– NBNS only (p-node)
– Broadcast first and NBNS next if no response (m-node)
– NBNS and Broadcast if server is unresponsive
Name registration
• B – node
• Builds a NetBIOS name
registration Packet and
broadcasts over subnet using
UDP protocol on port 137
• Contains the desired name and
IP address
• Repeats three times with 250
milliseconds interval
• Any computer having the same
name sends a defense packet
• If no defense packet is received
the computer has successfully
registered its name.
• P – node
• Builds a NetBIOS name
registration packet and
unicasts to the NBNS
using UDP protocol on
port 137
• NBNS searches it
• If an entry with the same
name is present, a
negative name reg. Packet
is sent. Otherwise a
positive response packet is
Name query
• B – node
• IP address of machines are
required for transport of CIFS
• The name query request is
broadcast over the subnet via
UDP on port 137.Request
contains the name
• Repeats 3 times with 5 seconds
• Either receives a positive name
query response containing IP
address or nothing
• P – node
• Name query request packet
containing NetBIOS name is
unicast to NBNS via UDP on
port 137
• NBNS searches its data base
and responds with a positive
response with IP address, if a
match is found. Otherwise it
sends a negative response
Session Service
• Session is a reliable and sequential message exchange
between a pair of NetBIOS applications
• TCP on port 139 is used to emulate session service
• CIFS uses this service to send all upper layer commands
like file,printer operations
• The following functions that are mapped into TCP :
– CALL – initiate a NetBIOS session.Mapped into TCP
as initiating and creating a full duplex TCP
connection.Send a call packet containing client and
server names
– LISTEN – wait for NetBIOS call.Mapped into TCP as
server waiting on port 139 for session request
– HANG UP - end a NetBIOS session.Initiates A TCP
teardown sequence
– SEND - send a message. Mapped into TCP by
encapsulating the data with a small header that contains
message size and then sending the data over TCP
– RECEIVE – receive e message.Mapped into TCP as receiving
from TCP stream till the entire message has arrived.
– SESSION STATUS –obtain information about the requester
Datagram Service
• CIFS implementations need only session and name service,but
they include this service for browsing to find CIFS servers on
the network
• Browsing is not part of CIFS protocol
• Datagram service is unreliable,nonsequenced,connectionless
• UDP protocol on port 138 used to implement NetBIOS
datagram service
• NetBIOS datagram packets have a header which contains the
name of the sender and if the datagram is framented
• CIFS could be run over TCP without NetBIOS, DNS and
domain names providing name service,session service running
directly over TCP,datagram service directly over UDP
CIFS Properties
• client send requests and server respond to request
• Multiple simultaneous requests outstanding
• Each request has a unique Multiplex id (MID).when server responds to
this request,it contains the MID.Client can identify for which request
the reply has come.
• Command based: Each CIFS packet has 1 byte command field.
Function of the packet is based on this command.The reply to the
client also has the same command code.
• Protocol negotiation: There are many versions of the protocol.Each
version is called a dialect and is assigned a unique string eg “PC
NETWORK PROGRAM 1.0” or “NT LM 0.12”. The first packet from
client to server is the dialect negotiate packet.The client lists the
dialects it understands.In the response packet the server indicates the
dialect that it would communicate or it understands none.
User/share level security: The server which allows either files or printer
to be shared by clients can restrict the access in two ways:User level security:The client should provide username and password
to access the share.Implemented in windows NT and 2000
Share level security:The share requires only a password,
implemented in Windows 95 and 98
Encryption: Both the security use encryption for the password, NT
style or LAN Manager style, challenge-response
authentication.The server sends a random string and client replies
both random string and password.
Command batching: Many CIFS packets are capable of piggybacking
other CIFS packets to reduce response latency and better network
bandwidth utilization.
Opportunistic locking: This blocks multiple users modifying a same
file at the same time.The server provides this oplock when a client
opens a file.
CIFS Packet
Header – 4 byte
Command – 1 byte
Error class & code – 1 & 2
Flags & Flags2 – various options
Tree ID – identifies the
resource.TID given by server after
receiving the name from client
Process ID –identifies the process
on the client which issued the
User ID – after verifying username
and password,server issues an UID
for a session
Multiplex ID – allows multiple
outstanding client requests to exist
without any confusion.Server reply
has MID to correlate.
CIFS Packet(contd.)
• Word Count and parameter words: These fields hold
command specific data. The parameter words (various
packet options)can be of variable length which is specified
by the word count.
• Byte Count and buffer: Buffer hold a variable amount of
raw data which is specified by the byte count.
Example Packet sequence
Example one: to connect to a server resource
Packet #1,request from client to establish a NetBIOS session
First client establishes a full duplex TCP connection with server on port
139.Then it builds and send a NetBIOS session request packet which
contains client name and server name and the command for session setup.
Packet#2,response from server
The server sends a session established acknowledgement (or an error code)
Packet#3,client request for dialect negotiation
SMB_COM_NEGOTIATE command,a unique MID and a list of dialect it
understands in the buffer
Packet#4,response from server of dialect chosen
MID and command are same as above,dialect is in parameter words and a
eight byte random string in buffer for encryption.
Packet#5,request from client for user login
SMB_COM_SESSION_SETUP_ANDX command,username,password
and other strings that identify the operating system
Packet#6,response from server
Error code if authentication fails or UID which client would send in further
packets.Buffer contains details about server OS and LAN manager
Example one contd.
Packet#7, request from client to connect to a shared resource
name in UNC in the buffer,UID that server gave
Packet#8,response from server indication Tree ID
TID if share exists and required permission is there or error
code and class,file system type an device type in the buffer
Example for file open and read
Packet#1, request from client to open a file
SMB_COM_OPEN_ANDX command, file name to be opened in
the buffer,options in parameter words about the opening mode and
share mode
Packet#2,response from server indicating File ID
IF file exists and UID has permission ,FID is sent in the parameter
field or error code and class
Packet#3, request from client for file read
SMB_COM_READ_ANDX command, no data in buffer, FID,file
offset and 16 bit value which specifies the file offset and the
amount of data required for reading
Packet#4, response from server with file data
Buffer holds the file data requested
(from to .56)
Smb://spica/anbu (from to .56)
Requirements for file sharing at VBO
• CCD Data Acquisition systems ,windows
• Data reduction in Solaris or Linux systems
– Photometrics,Pixcellent,IIA Echelle systems
– ftp used
– Transfer of bulk data in multiple directories
Java Smbclient using jCIFS libray
• jCIFS is Open Source client library for SMB protocol
implemented in Java by the Samba team
• Created a GUI for smbclient in a Sparc5 workstation
hosting Solaris 2.5.1 (with no SMB server) to connect to
shares on data acquisition (windows based)
• Copy files from shares to local file system and vice versa
RemoteCopy (pc_copy)
• jCIFS version 0.6.8 used for Java 1.2 for Solaris
• Popup menus added instead of menu bar
• Authentication was added
• Added modules to copy files across SMB Servers
• Installed Samba servers for Solaris 2.5.1, 2.8
• Configured Samba shares in all Unix and Linux
systems to facilitate easy data transfer.
Screenshots of RemoteCopy
• Java RemoteCopy smb://
• SMB Servers in VBT workgroup
• Source directory to be copied :smb://FORCE/omr_pix04/28sep06
• Destination directory :smb://ALTAIR/observer/21mar07
• Console output
Further reading:Under Network Neighborhood | Linux Magazine
CIFS Explained – white paper by John Kleven
Implementing CIFS – online book by C.Hertel
• CIFS implementations
• Pc_copy details
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF