Protocol Directory

View this file in pdf format.

The Network Basic I/O System (NetBIOS), TCP/UDP version, was developed for the IBM PC LAN program to support communications between symbolically named stations and transfer of arbitrary data.

The Server Message Block (SMB) is a Microsoft presentation layer protocol providing file and print sharing functions for LAN Manager, VINES and other network operating systems. IBM NetBIOS manages the use of node names and transport layer connections for higher layer protocols such as SMB. The IBM suite includes the following protocols:

NetBIOS - Network Basic I/O System.
SMB - Server Message Block.
SNA - refer to Chapter 22.

The following diagram illustrates the IBM protocol suite in relation to the OSI model:

IBM protocol suite in relation to the OSI model

NetBIOS

NetBIOS provides a communication interface between the application program and the attached medium. All communication functions from the physical layer through the session layer are handled by NetBIOS, the adapter support software, and the adapter card. A NetBIOS session is a logical connection between any two names on the network. It is described in IBM - Local Area Network Technical Reference 1990 DA-30/31 Protocol Operating Manual. It is usually encapsulated over LLC.
(Compliant with IBM - Local Area Network Technical Reference 1990 DA-30/31 Protocol Operating Manual NetBIOS Decode.)

The format of the header is shown in the following illustration:

Len

XxEFFF

Command

Optional Data 1

Optional Data 2

Xmit/resp correlator

Dest name/
num

Source name/
num

NetBIOS header structure

Len
The length of the NETBIOS header.

XxEFFF
A delimiter indicating that subsequent data is destined for the NetBIOS function.

Command
A specific protocol command that indicates the type of function of the frame.

Data 1
One byte of optional data per specific command.

Data 2
Two bytes of optional data per specific command.

Xmit/response correlator
Used to associate received responses with transmitted requests.
Transmit correlator is the value returned in a response to a given query.
Response correlator is the value expected when the response to that message is received.

Destination name/num
In non-session frames this field contains the 16-character name. In session frames this field contains a 1 byte destination session number.

Source name/num
In non-session frames this field contains the 16-character source name. In session frames this field contains a 1 byte source session number.

SMB

ftp://ftp.microsoft.com/developr/drg/CIFS/
File Sharing Protocol 1987, SMB File sharing protocol Extensions, 1998,
SMB File sharing protocol 1996

Server Message Block (SMB) is a Microsoft presentation layer protocol providing file and print sharing functions for LAN Manager, Banyan VINES and other network operating systems. IBM NetBIOS manages the use of node names and transport layer connections for higher layer protocols such as SMB.

SMB is used for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers. It is a client server request-response protocol. Clients connect to servers using TCP/IP. They can then send commands (SMBs) to the server that allow them to access shares, open files, etc. over the network.

Many protocol variants have been developed. The first protocol variant was the Core Protocol, known also as PC NETWORK PROGRAM 1.0. It handled a fairly basic set of operations that included:

Connecting to and disconnecting from file and print shares.
Opening and closing files.
Opening and closing print files.
Reading and writing files.
Creating and deleting files and directories.
Searching directories.
Getting and setting file attributes.
Locking and unlocking byte ranges in files.

There are several different versions and sub-versions of this protocol. A particular version is referred to as a dialect. When two machines first come into network contact they negotiate the dialect to be used. Different dialects can include both new messages as well as changes to the fields and semantics of existing messages in other dialects. Each server makes a set of resources available to clients on the network. A resource being shared may be a directory tree, named pipe, printer, etc. So far as clients are concerned, the server has no storage or service dependencies on any other servers; a client considers the server to be the sole provider of the resource being used.

The SMB protocol requires server authentication of users before file accesses are allowed, and each server authenticates its own users. A client system must send authentication information to the server before the server will allow access to its resources.

The general format of the header is shown in the following illustration:

Command	RCLS	Reserved	ERR
ERR (cont)	REB/FLG	Reserved
Reserved
Reserved
Reserved
Tree ID		Process ID
User ID		Multiplex ID
WCT	VWV
BCC		BUF

SMB header structure

COM
Protocol commands. The following are possible commands within SMB frames:

Command	Description
[bad command]	Invalid SMB command.
[bind (UNIX)]	Obtain file system address for file.
[cancel forward]	Cancel server recognition of name.
[change/check dir]	Change to directory or check path.
[change group]	Change group association of user.
[change password]	Change password of user.
[close file]	Close file handle and flush buffers.
[close spoolfile]	Close print buffer file.
[consumer logon]	Log on with consumer validation.
[copy file]	Copy file to specified path.
[copy new path]	Copy file to new path name.
[create & bind]	Create file and get file system address.
[create directory]	Create new directory.
[create file]	Create new or open existing file.
[delete dir]	Delete the specified directory.
[delete file]	Delete the specified file.
[echo]	Request echo from server.
[find & close]	Search for file and close directory (UNIX).
[find & close /2]	Search for file and close directory (OS/2).
[find first file]	Find first matching file (OS/2).
[find unique]	Search directory for specified file.
[flush file]	Flush all file buffers to disk.
[fork to PID]	Provide same access rights to new process.
[forward name]	Cause server to accept messages for name.
[get access right]	Get access rights for specified file.
[get exp attribs]	Get expanded attributes for file (OS/2).
[get unix attribs]	Get expanded attributes for file (UNIX).
[get file attribs]	Get attributes for specified file.
[get file queue]	Get print queue listing.
[get group info]	Get logical group associations.
[get machine name]	Get machine name for block messages.
[get pathname]	Get path of specified handle.
[get resources]	Get availability of server resources.
[get server info]	Get total and free space for server disk.
[get user info]	Get logical user associations.
[IOCTL]	Initiate I/O control for DOS-OS/2 devices.
[IOCTL next]	Initiates subsequent I/O control for DOS-OS/2 devices.
[IOCTL (UNIX)]	I/O control for UNIX-Xenix devices.
[link file]	Make an additional path to a file.
[lock and read]	Lock and read byte range.
[lock bytes]	Lock specified byte range.
[lock/unlock & X]	Lock/unlock bytes and execute next command.
[logoff & execute]	Log off and execute next command.
[mail announce]	Query availability of server nodes.
[mailslot message]	Mail slot transaction message.
[make/bind dir]	Make dir and get file system address.
[make temp file]	Make temporary data file.
[make new file]	Make new file only if it does not exist.
[make node]	Make file for use as a device.
[move file]	Move file to specified path (OS/2).
[move new path]	Move file to specified path (UNIX/Xenix).
[multi-block data]	Send data for multi-block message.
[multi-block end]	Terminate multi-block message.
[multi-block hdr]	Send header for multi-block message.
[named pipe call]	Open, write, read, or close named pipe.
[named pipe wait]	Wait for named pipe to become ready.
[named pipe peek]	Look at named pipe data.
[named pipe query]	Query named pipe handle modes.
[named pipe set]	Set named pipe handle modes.
[named pipe attr]	Query named pipe attributes.
[named pipe R/W]	Named pipe read/write transaction.
[named pipe read]	Raw mode named pipe read.
[named pipe write]	Raw mode named pipe write.
[negotiate protoc]	Negotiate SMB protocol version.
[newfile & bind]	Make new file and get file system address.
[notify close]	Close handle used to monitor file changes.
[open file]	Open specified file.
[open & execute]	Open specified file and execute next command.
[open spoolfile]	Open specified print buffer file.
[process exit]	Terminate consumer process.
[read & execute]	Read file and execute next command.
[read and hide]	Read directory ignoring hidden files.
[read block mplex]	Read block data on multiplexed connection.
[read block raw]	Read block data on unique connection.
[read block sec/r]	Read block secondary response.
[read check]	Check file accessibility.
[read from file]	Read from specified file.
[read w/options]	Read from file with specified options.
[rename file]	Rename the specified file to a new name.
[reserve resourcs]	Reserve resources on the server.
[search dir]	Search directory with specified attribute.
[seek]	Set file pointer for handle.
[send broadcast]	Send a one block broadcast message.
[session setup]	Log-in with consumer-based authentication.
[set exp attrib]	Set expanded file attributes (OS/2).
[set unix attribs]	Set expanded file attributes (UNIX/Xenix).
[set file attribs]	Set normal file attributes.
[single block msg]	Send a single block message.
[transaction next]	Subsequent name transaction.
[tree & execute]	Make virtual connection and execute next command.
[tree connect]	Make a virtual connection.
[tree disconect]	Detach a virtual connection.
[unbind]	Discard file system address binding.
[unlock bytes]	Release a locked byte range.
[write & close]	Write to and close specified file handle.
[write & execute]	Write to file and execute next command.
[write & unlock]	Write to and unlock a byte range.
[write block raw]	Write block data on unique connection.
[write block mplx]	Write block data on multiplexed connection.
[write block sec]	Write block secondary request.
[write complete]	Terminate a write block sequence.
[write spoolfile]	Write to the specified print buffer.
[write to file]	Write to the specified file handle.
[X2 open file]	Open file.
[X2 find first]	Find first file.
[X2 find next]	Find next file.
[X2 query FS]	Get file system information.
[X2 set FS info]	Set file system information.
[X2 query path]	Get information on path.
[X2 set path]	Set path information.
[X2 query file]	Get file information.
[X2 set info]	Set file information.
[X2 FS control]	File system control information.
[X2 IOCTL]	I/O control for devices.
[X2 notify]	Monitor file for changes.
[X2 notify next]	Subsequent file monitoring.
[X2 make dir]	Make directory.

RCLS
Error Code Class. The second field of the decoded SMB protocol contains the error class and error code for each frame as in E=1/22, where 1 is the error class and 22 is the error code. The error class identifies the source of the error as shown in the following table:

Error Class	Name	Source of Error
0		No error, or error was handled by system.
1	ERRDOS	Server operating system.
2	ERRSRV	Server network file manager.
3	ERRHRD	System or device.
4	ERRXOS	Extended operating system.
225-227	ERRRMX	RMX operating system.
255	ERRCMD	Invalid SMB commands.

ERR
Error Code. The following is a list of SMB error codes/messages:

Error Message	Description
{Access denied}	Unable to service request.
{Access list full}	Access control list full.
{Bad attrib mode}	Invalid attributes specified.
{Bad disk request}	Disk command invalid.
{Bad drive spec}	Specified drive invalid.
{Bad environment}	Environment invalid.
{Bad EXE file}	Bad executable file format.
{Bad file access}	Invalid access to read only file.
{Bad file ID}	File handle invalid.
{Bad filespec}	Path name invalid.
{Bad format}	Format invalid.
{Bad function}	Function not supported.
{Bad I/O data}	Data invalid on server I/O device.
{Bad math argument}	Math argument invalid.
{Bad media type}	Unknown media type.
{Bad memory block}	Memory block address invalid.
{Bad open mode}	Open mode invalid.
{Bad permissions}	Specified permissions invalid.
{Bad print FID}	Print file ID invalid.
{Bad print request}	Printer device request invalid.
{Bad reqst length}	Bad request structure length.
{Bad semaphore}	Semaphore identifier invalid.
{Bad SMB command}	SMB command invalid.
{Bad Tree ID}	Tree ID invalid.
{Bad User ID}	User ID invalid.
{Bad user/passwrd}	Bad password or user name.
{Bad wait done}	Wait done for unwaited process.
{Continue in MPX}	Continue in block multiplexed mode.
{Can’t delete dir}	Cannot delete current directory.
{Can’t init net}	Network cannot be initialized.
{Can’t mount dev}	Device cannot be mounted.
{Can’t RAW, do MPX}	Cannot use raw blocks, use multiplexed.
{Can’t ren to vol}	Attempt to rename across volumes failed.
{Can’t support RAW}	Cannot support raw block access.
{Can’t write dir}	Attempt to write on a directory failed.
{Command not recvd}	Initial command not received.
{CRC data error}	Data CRC error on device.
{Dev out of space}	Device out of space.
{Device is remote}	Referenced device remote.
{Dir not found}	Directory not found.
{Disk write error}	Disk write fault.
{Disk read error}	Disk read fault.
{Disk seek error}	Disk seek error.
{Drive not ready}	Drive not ready.
{Dup filename}	File name already exists.
{EOF on printer}	End of file found on print queue dump.
{Err buffered}	Error message buffered.
{Err logged}	Error message logged.
{Err displayed}	Error message displayed.
{File not found}	Filespec not found.
{File too big}	Maximum file size exceeded.
{Gen disk failure}	General disk failure.
{Insuf acc rights}	Insufficient access rights.
{Invalid name}	Invalid name supplied on tree connect.
{Invalid pipe}	Invalid pipe specified.
{Lock conflict}	Lock/Unlock conflicts with other locks.
{Memory blks lost}	Memory control blocks destroyed.
{More data coming}	Cannot terminate; more data coming.
{Need block device}	File used where a block device needed.
{Need data file}	Must specify data file.
{No FCBs available}	Out of file control blocks.
{No more files}	No more matching files found.
{No proc to pipe}	No process available to pipe.
{No read process}	Write to a pipe with no read processes.
{No resources}	Server out of resources.
{No room f/message}	No room to buffer message.
{Not a directory}	Must specify directory.
{Not receiving}	Not receiving messages.
{No semaphores}	Semaphore not available.
{OK}	SMB command completed successfully.
{Out of disk space}	Print queue out of disk space.
{Out of handles}	Too many open files.
{Out of memory}	Insufficient memory on server.
{Out of paper}	Printer out of paper.
{Pipe is busy}	Pipe process busy; wait.
{Pipe is closing}	Terminating pipe process.
{Print Q full}	Print file queue table full.
{Proc table full}	Server process table full.
{Rem I/O error}	Remote I/O error.
{Sector not found}	Sector not found.
{Seek on pipe}	Seek was issued to a pipe.
{Server error}	General server error.
{Server paused}	Server paused.
{Share buffer out}	Share buffer out of space.
{Share conflict}	Share conflicts with existing files.
{Syntax error}	Syntax error in path name.
{Sys call intruptd}	Interrupted system call.
{Table overflow}	Internal table overflow.
{Terminal needed}	Terminal device required.
{Timed out}	Operation has run out of time.
{Too many links}	Too many links.
{Too many names}	Too many remote user names.
{Too many UIDs}	User ID limit exceeded.
{Unit unknown}	Unknown unit.
{Unknown error}	Non-specific error.
{Unknwn process}	No such process.
{Write protected}	Write on write-protected diskette.
{Wrong diskette}	Wrong diskette inserted in drive.

REB/FLG
REB reserved field is associated with the Core protocol only. The Flag field appears in protocol versions later than the Core protocol.:

Tree ID
Uniquely identifies a file sharing connection between consumer and server where this protocol uses a server-based file protection.

Process ID
Identifies a specific consumer process within a virtual connection.

User ID
Used by the server to verify the file access permissions of users where consumer-based file protection is in effect.

Multiplex ID
Used by the server to verify the file access permissions of groups where consumer-based file protection is in effect.

WCT
Number of parameter words.

VWV
Variable number of words of parameters.

BCC
Number of bytes of data which follow.

BUF
Variable number of data bytes.

search ][ protocols by family ][ index of protocols