4.2 Negotiating SMB 2.1 dialect by using Multi-Protocol Negotiate

The following diagram shows the steps taken by a client that is negotiating the SMB 2.1 dialect by using an SMB-style negotiate.

Figure 7: Client negotiating SMB 2.1 dialect with SMB-style negotiate

  1. The client sends an SMB negotiate packet with the string "SMB 2.???" in the dialect string list, along with the other SMB dialects the client implements.

     Smb: C; Negotiate, Dialect = PC NETWORK PROGRAM 1.0, LANMAN1.0, Windows for Workgroups 3.1a, LM1.2X002, LANMAN2.1, NT LM 0.12, SMB 2.002, SMB 2.???
     Protocol: SMB
     Command: Negotiate 114(0x72)
     NTStatus: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
     Code:     (................0000000000000000) (0) STATUS_SUCCESS
     Facility: (...0000000000000................) FACILITY_SYSTEM
     Customer: (..0.............................) NOT Customer Defined
     Severity: (00..............................) STATUS_SEVERITY_SUCCESS
     SMBHeader: Command, TID: 0xFFFF, PID: 0xFEFF, UID: 0x0000, MID: 0x0000
     Flags: 24 (0x18)
     LockAndRead:     (.......0) LOCK_AND_READ and WRITE_AND_UNLOCK NOT supported (Obsolete) (SMB_FLAGS_LOCK_AND_READ_OK)
     NoAck:           (......0.) An ACK response is needed (SMB_FLAGS_SEND_NO_ACK[only applicable when SMB transport is NetBIOS over IPX])
     Reserved_bit2:   (.....0..) Reserved (Must Be Zero)
     CaseInsensitive: (....1...) SMB paths are caseinsensitive (SMB_FLAGS_CASE_INSENSITIVE)
     Canonicalized:   (...1....) Canonicalized File and pathnames (Obsolete) (SMB_FLAGS_CANONICALIZED_PATHS)
     Oplock:          (..0.....) Oplocks NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK)
     OplockNotify:    (.0......) Notifications NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK_NOTIFY_ANY)
     FromServer:      (0.......) Command SMB is being sent from the client (SMB_FLAGS_SERVER_TO_REDIR)
     Flags2: 51283 (0xC853)
     KnowsLongFiles:   (...............1) Understands Long File Names (SMB_FLAGS2_KNOWS_LONG_NAMES)
     ExtendedAttribs:  (..............1.) Understands extended attributes (SMB_FLAGS2_KNOWS_EAS)
     SignEnabled:      (.............0..) Security signatures NOT enabled (SMB_FLAGS2_SMB_SECURITY_SIGNATURE)
     Compressed:       (............0...) Compression Disabled for REQ_NT_WRITE_ANDX and RESP_READ_ANDX (SMB_FLAGS2_COMPRESSED)
     SignRequired:     (...........1....) Security Signatures are required (SMB_FLAGS2_SMB_SECURITY_SIGNATURE_REQUIRED)
     Reserved_bit5:    (..........0.....) Reserved (Must Be Zero)
     LongFileNames:    (.........1......) Use Long File Names (SMB_FLAGS2_IS_LONG_NAME)
     Reserved_bits7_9: (......000.......) Reserved (Must Be Zero)
     ReparsePath:      (.....0..........) NOT a Reparse path (SMB_FLAGS2_REPARSE_PATH)
     ExtSecurity:      (....1...........) Aware of extended security (SMB_FLAGS2_EXTENDED_SECURITY)
     Dfs:              (...0............) NO DFS namespace (SMB_FLAGS2_DFS)
     Paging:           (..0.............) Read operation will NOT be permitted unless user has permission (NO Paging IO) (SMB_FLAGS2_PAGING_IO)
     StatusCodes:      (.1..............) Using 32bit NT status error codes (SMB_FLAGS2_NT_STATUS)
     Unicode:          (1...............) Using UNICODE strings (SMB_FLAGS2_UNICODE)
     PIDHigh: 0 (0x0)
     SecuritySignature: 0x0
     Reserved: 0 (0x0)
     TreeID: 65535 (0xFFFF)
     Reserved: 0 (0x0)
     UserID: 0 (0x0)
     MultiplexID: 0 (0x0)
     CNegotiate: 
     WordCount: 0 (0x0)
     ByteCount: 120 (0x78)
     Dialect: PC NETWORK PROGRAM 1.0
     BufferFormat: Dialect 2(0x2)
     DialectName: PC NETWORK PROGRAM 1.0
     Dialect: LANMAN1.0
     BufferFormat: Dialect 2(0x2)
     DialectName: LANMAN1.0
     Dialect: Windows for Workgroups 3.1a
     BufferFormat: Dialect 2(0x2)
     DialectName: Windows for Workgroups 3.1a
     Dialect: LM1.2X002
     BufferFormat: Dialect 2(0x2)
     DialectName: LM1.2X002
     Dialect: LANMAN2.1
     BufferFormat: Dialect 2(0x2)
     DialectName: LANMAN2.1
     Dialect: NT LM 0.12
     BufferFormat: Dialect 2(0x2)
     DialectName: NT LM 0.12
     Dialect: SMB 2.002
     BufferFormat: Dialect 2(0x2)
     DialectName: SMB 2.002
     Dialect: SMB 2.???
     BufferFormat: Dialect 2(0x2)
     DialectName: SMB 2.???  
    
  2. The server receives the SMB negotiate request and finds the "SMB 2.???" string in the dialect string list. The server responds with an SMB2 NEGOTIATE Response with the DialectRevision set to 0x02ff.

     Smb2: R  NEGOTIATE (0x0), GUID={1ED9580F5FEF1AA04B9DDB1C77C63757}, Mid = 0
     SMBIdentifier: SMB
     SMB2Header: R NEGOTIATE (0x0)
     Size: 64 (0x40)
     CreditCharge: 0 (0x0)
     Status: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
     Code:     (................0000000000000000) (0) STATUS_SUCCESS
     Facility: (...0000000000000................) FACILITY_SYSTEM
     Customer: (..0.............................) NOT Customer Defined
     Severity: (00..............................) STATUS_SEVERITY_SUCCESS
     Command: NEGOTIATE (0x0)
     Credits: 1 (0x1)
     Flags: 0x1
     ServerToRedir: (...............................1) Server to Client (SMB2_FLAGS_SERVER_TO_REDIR)
     AsyncCommand:  (..............................0.) Command is not asynchronous (SMB2_FLAGS_ASYNC_COMMAND)
     Related:       (.............................0..) Packet is single message (SMB2_FLAGS_RELATED_OPERATIONS)
     Signed:        (............................0...) Packet is not signed (SMB2_FLAGS_SIGNED)
     Reserved4_27:  (....000000000000000000000000....)
     DFS:           (...0............................) Command is not a DFS Operation (SMB2_FLAGS_DFS_OPERATIONS)
     Reserved29_31: (000.............................)
     NextCommand: 0 (0x0)
     MessageId: 0 (0x0)
     Reserved: 0 (0x0)
     TreeId: 0 (0x0)
     SessionId: 0 (0x0)
     Signature: Binary Large Object (16 Bytes)
     RNegotiate: 
     Size: 65 (0x41)
     SecurityMode: Signing Enabled (0x1)
     DialectRevision: 767 (0x2FF)
     Reserved: 0 (0x0)
     Guid: {1ED9580F5FEF1AA04B9DDB1C77C63757}
     Capabilities: 0x3
     DFS:               (...............................1) DFS available
     Reserved_bits1_31: (0000000000000000000000000000001.) Reserved
     MaxTransactSize: 1048576 (0x100000)
     MaxReadSize: 1048576 (0x100000)
     MaxWriteSize: 1048576 (0x100000)
     SystemTime: 12/29/2008, 11:18:59 PM
     SystemStartTime: 12/05/2008, 11:55:51 PM
     SecurityBufferOffset: 128 (0x80)
     SecurityBufferLength: 120 (0x78)
     Reserved2: 541936672 (0x204D4C20)
     securityBlob: 
    
  3. The client receives the SMB2 NEGOTIATE Response. The client issues a new SMB2 NEGOTIATE Request that lists the new dialect 0x0210 along with the other SMB2 dialects.

     Smb2: C  NEGOTIATE (0x0), GUID={9879BE56-0D00-58BA-11DD-D5F0AF3A5B5D}, Mid = 1
     SMBIdentifier: SMB
     SMB2Header: C NEGOTIATE (0x0)
     Size: 64 (0x40)
     CreditCharge: 0 (0x0)
     Status: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
     Code:     (................0000000000000000) (0) STATUS_SUCCESS
     Facility: (...0000000000000................) FACILITY_SYSTEM
     Customer: (..0.............................) NOT Customer Defined
     Severity: (00..............................) STATUS_SEVERITY_SUCCESS
     Command: NEGOTIATE (0x0)
     Credits: 0 (0x0)
     Flags: 0x0
     ServerToRedir: (...............................0) Client to Server (SMB2_FLAGS_SERVER_TO_REDIR)
     AsyncCommand:  (..............................0.) Command is not asynchronous (SMB2_FLAGS_ASYNC_COMMAND)
     Related:       (.............................0..) Packet is single message (SMB2_FLAGS_RELATED_OPERATIONS)
     Signed:        (............................0...) Packet is not signed (SMB2_FLAGS_SIGNED)
     Reserved4_27:  (....000000000000000000000000....)
     DFS:           (...0............................) Command is not a DFS Operation (SMB2_FLAGS_DFS_OPERATIONS)
     Reserved29_31: (000.............................)
     NextCommand: 0 (0x0)
     MessageId: 1 (0x1)
     Reserved: 0 (0x0)
     TreeId: 0 (0x0)
     SessionId: 0 (0x0)
     Signature: Binary Large Object (16 Bytes)
     CNegotiate:
     Size: 36 (0x24)
     DialectCount: 2 (0x2)
     SecurityMode: Signing Enabled (0x1)
     Reserved: 0 (0x0)
     Capabilities: 0x0
     DFS:               (...............................0) DFS unavailable
     Reserved_bits1_31: (0000000000000000000000000000000.) Reserved
     Guid: {9879BE56-0D00-58BA-11DD-D5F0AF3A5B5D}
     StartTime: No Time Specified (0)
     Dialects:
     Dialects: 514 (0x202)
     Dialects: 528 (0x210)
    
  4. The server receives the SMB2 negotiate request and finds dialect 0x0210. The server sends an SMB2 NEGOTIATE Response with DialectRevision set to 0x0210.

     Smb2: R  NEGOTIATE (0x0), GUID={1ED9580F-5FEF-1AA0-4B9D-DB1C77C63757}, Mid = 1
     SMBIdentifier: SMB
     SMB2Header: R NEGOTIATE (0x0)
     Size: 64 (0x40)
     CreditCharge: 0 (0x0)
     Status: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
     Code:     (................0000000000000000) (0) STATUS_SUCCESS
     Facility: (...0000000000000................) FACILITY_SYSTEM
     Customer: (..0.............................) NOT Customer Defined
     Severity: (00..............................) STATUS_SEVERITY_SUCCESS
     Command: NEGOTIATE (0x0)
     Credits: 1 (0x1)
     Flags: 0x1
     ServerToRedir: (...............................1) Server to Client (SMB2_FLAGS_SERVER_TO_REDIR)
     AsyncCommand:  (..............................0.) Command is not asynchronous (SMB2_FLAGS_ASYNC_COMMAND)
     Related:       (.............................0..) Packet is single message (SMB2_FLAGS_RELATED_OPERATIONS)
     Signed:        (............................0...) Packet is not signed (SMB2_FLAGS_SIGNED)
     Reserved4_27:  (....000000000000000000000000....)
     DFS:           (...0............................) Command is not a DFS Operation (SMB2_FLAGS_DFS_OPERATIONS)
     Reserved29_31: (000.............................)
     NextCommand: 0 (0x0)
     MessageId: 1 (0x1)
     Reserved: 0 (0x0)
     TreeId: 0 (0x0)
     SessionId: 0 (0x0)
     Signature: Binary Large Object (16 Bytes)
     RNegotiate:
     Size: 65 (0x41)
     SecurityMode: Signing Enabled (0x1)
     DialectRevision: 528 (0x210)
     Reserved: 0 (0x0)
     Guid: {1ED9580F-5FEF-1AA0-4B9D-DB1C77C63757}
     Capabilities: 0x3
     DFS:               (...............................1) DFS available
     Reserved_bits1_31: (0000000000000000000000000000001.) Reserved
     MaxTransactSize: 1048576 (0x100000)
     MaxReadSize: 1048576 (0x100000)
     MaxWriteSize: 1048576 (0x100000)
     SystemTime: 12/29/2008, 11:18:59 PM
     SystemStartTime: 12/05/2008, 11:55:51 PM
     SecurityBufferOffset: 128 (0x80)
     SecurityBufferLength: 120 (0x78)
     Reserved2: 0 (0x0)
     securityBlob:
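
The four-step exchange above, modeled as an added Python example (not part of the original specification text): it encodes and parses the step 1 dialect list, applies the "SMB 2.???" check from step 2, decodes the step 3 Dialects array, and picks the step 4 revision. Function names are hypothetical, the server's supported set is an assumption, and choosing the highest common revision generalizes beyond the single case in the trace.

```python
import struct

WILDCARD_STRING = "SMB 2.???"   # multi-protocol wildcard offered in step 1
WILDCARD_REVISION = 0x02FF      # DialectRevision the server returns in step 2

# Dialect strings copied from the step 1 trace, in the order sent.
TRACE_DIALECTS = [
    "PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
    "LM1.2X002", "LANMAN2.1", "NT LM 0.12", "SMB 2.002", "SMB 2.???",
]

def build_dialect_block(names):
    """Encode names as SMB negotiate data: BufferFormat 0x02, ASCII, NUL."""
    return b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)

def parse_dialect_block(data):
    """Decode the dialect list, rejecting malformed entries."""
    names, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError(f"BufferFormat 0x{data[pos]:02x} at offset {pos}")
        end = data.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError("unterminated dialect string")
        names.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return names

def first_response_revision(names):
    """Step 2: answer with 0x02FF only when the wildcard string was offered."""
    return WILDCARD_REVISION if WILDCARD_STRING in names else None

def parse_smb2_dialects(raw, count):
    """Step 3: decode the Dialects array (little-endian 16-bit values)."""
    if len(raw) < 2 * count:
        raise ValueError("Dialects array shorter than DialectCount")
    return list(struct.unpack(f"<{count}H", raw[:2 * count]))

def select_dialect(client, server):
    """Step 4: highest revision both sides list; 0x02FF is never final."""
    common = (set(client) & set(server)) - {WILDCARD_REVISION}
    return max(common) if common else None

if __name__ == "__main__":
    block = build_dialect_block(TRACE_DIALECTS)
    print(len(block), hex(first_response_revision(parse_dialect_block(block))))
    offered = parse_smb2_dialects(bytes.fromhex("02021002"), 2)  # 0x0202, 0x0210
    print(hex(select_dialect(offered, [0x0202, 0x0210])))
```

The encoded block is 120 bytes long, which matches the ByteCount shown in the step 1 trace.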