forums.meulie.net

Help analyzing Wireshark logs?

Hi,

I’m having problems mounting a partition (192.168.1.3) on my local PC (192.168.1.2) using the command

and get the following error

I enabled debugging on cifs and got some further error messages

[quote] [1287.489124] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/cifsfs.c: Devname: //192.168.1.3/home/xxxxx flags: 64
1287.489171] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 10 with uid: 0
1287.489179] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: prefix path /xxxxx
1287.489182] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: Username: xxxxx
1287.489186] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: UNC: \192.168.1.3\home ip: 192.168.1.3
1287.489196] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: Socket created
1287.489987] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: Error -111 connecting to server via ipv4
1287.489994] CIFS VFS: Error connecting to socket. Aborting operation
1287.489999] /usr/src/packages/BUILD/kernel-pae-2.6.34/linux-2.6.34/fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 10) rc = -111
1287.490002] CIFS VFS: cifs_mount failed w/return code = -111[/quote]

I’m unsure what this means, as nothing changed from the day it worked to the following day, when I started to get this error.

Someone suggested using wireshark to find out what’s going on, but the output baffles me. I have attached it here and hope someone may have some ideas.
Thanks.

Wireshark output when running the above mount command:

[quote]No. Time Source Destination Protocol Info
1205 3.395211000 192.168.1.2 192.168.1.3 TCP 34659 > microsoft-ds [SYN] Seq=0 Win=5808 Len=0 MSS=1452 SACK_PERM=1 TSV=828920 TSER=0 WS=6

Frame 1205: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Jan 1, 2000 16:21:57.702722000 GMT
Epoch Time: 946743717.702722000 seconds
[Time delta from previous captured frame: 0.004938000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 3.395211000 seconds]
Frame Number: 1205
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7), Dst: ExcitoEl_00:06:11 (00:22:02:00:06:11)
Destination: ExcitoEl_00:06:11 (00:22:02:00:06:11)
Address: ExcitoEl_00:06:11 (00:22:02:00:06:11)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
Address: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.2 (192.168.1.2), Dst: 192.168.1.3 (192.168.1.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …0. = ECN-Capable Transport (ECT): 0
… …0 = ECN-CE: 0
Total Length: 60
Identification: 0x51bf (20927)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x65a7 [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.2 (192.168.1.2)
Destination: 192.168.1.3 (192.168.1.3)
Transmission Control Protocol, Src Port: 34659 (34659), Dst Port: microsoft-ds (445), Seq: 0, Len: 0
Source port: 34659 (34659)
Destination port: microsoft-ds (445)
[Stream index: 2]
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x02 (SYN)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …0 … = Acknowledgement: Not set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port microsoft-ds]
[Message: Connection establish request (SYN): server port microsoft-ds]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size: 5808
Checksum: 0x8634 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1452 bytes
TCP SACK Permitted Option: True
Timestamps: TSval 828920, TSecr 0
NOP
Window scale: 6 (multiply by 64)

No. Time Source Destination Protocol Info
1208 3.395599000 192.168.1.3 192.168.1.2 TCP microsoft-ds > 34659 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Frame 1208: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Jan 1, 2000 16:21:57.703110000 GMT
Epoch Time: 946743717.703110000 seconds
[Time delta from previous captured frame: 0.000047000 seconds]
[Time delta from previous displayed frame: 0.000388000 seconds]
[Time since reference or first frame: 3.395599000 seconds]
Frame Number: 1208
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: ExcitoEl_00:06:11 (00:22:02:00:06:11), Dst: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
Destination: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
Address: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: ExcitoEl_00:06:11 (00:22:02:00:06:11)
Address: ExcitoEl_00:06:11 (00:22:02:00:06:11)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.2 (192.168.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …0. = ECN-Capable Transport (ECT): 0
… …0 = ECN-CE: 0
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0xb77a [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.3 (192.168.1.3)
Destination: 192.168.1.2 (192.168.1.2)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 34659 (34659), Seq: 1, Ack: 1, Len: 0
Source port: microsoft-ds (445)
Destination port: 34659 (34659)
[Stream index: 2]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size: 0
Checksum: 0xaaaf [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1205]
[The RTT to ACK the segment was: 0.000388000 seconds]

No. Time Source Destination Protocol Info
1209 3.395626000 192.168.1.2 192.168.1.3 TCP 45211 > netbios-ssn [SYN] Seq=0 Win=5808 Len=0 MSS=1452 SACK_PERM=1 TSV=828920 TSER=0 WS=6

Frame 1209: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Jan 1, 2000 16:21:57.703137000 GMT
Epoch Time: 946743717.703137000 seconds
[Time delta from previous captured frame: 0.000027000 seconds]
[Time delta from previous displayed frame: 0.000027000 seconds]
[Time since reference or first frame: 3.395626000 seconds]
Frame Number: 1209
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7), Dst: ExcitoEl_00:06:11 (00:22:02:00:06:11)
Destination: ExcitoEl_00:06:11 (00:22:02:00:06:11)
Address: ExcitoEl_00:06:11 (00:22:02:00:06:11)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
Address: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.2 (192.168.1.2), Dst: 192.168.1.3 (192.168.1.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …0. = ECN-Capable Transport (ECT): 0
… …0 = ECN-CE: 0
Total Length: 60
Identification: 0x51b2 (20914)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x65b4 [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.2 (192.168.1.2)
Destination: 192.168.1.3 (192.168.1.3)
Transmission Control Protocol, Src Port: 45211 (45211), Dst Port: netbios-ssn (139), Seq: 0, Len: 0
Source port: 45211 (45211)
Destination port: netbios-ssn (139)
[Stream index: 3]
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x02 (SYN)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …0 … = Acknowledgement: Not set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port netbios-ssn]
[Message: Connection establish request (SYN): server port netbios-ssn]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size: 5808
Checksum: 0x5e2b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1452 bytes
TCP SACK Permitted Option: True
Timestamps: TSval 828920, TSecr 0
NOP
Window scale: 6 (multiply by 64)

No. Time Source Destination Protocol Info
1210 3.395968000 192.168.1.3 192.168.1.2 TCP netbios-ssn > 45211 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Frame 1210: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Jan 1, 2000 16:21:57.703479000 GMT
Epoch Time: 946743717.703479000 seconds
[Time delta from previous captured frame: 0.000342000 seconds]
[Time delta from previous displayed frame: 0.000342000 seconds]
[Time since reference or first frame: 3.395968000 seconds]
Frame Number: 1210
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: ExcitoEl_00:06:11 (00:22:02:00:06:11), Dst: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
Destination: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
Address: Foxconn_8b:3d:a7 (00:15:58:8b:3d:a7)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: ExcitoEl_00:06:11 (00:22:02:00:06:11)
Address: ExcitoEl_00:06:11 (00:22:02:00:06:11)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.2 (192.168.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …0. = ECN-Capable Transport (ECT): 0
… …0 = ECN-CE: 0
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0xb77a [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.3 (192.168.1.3)
Destination: 192.168.1.2 (192.168.1.2)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 45211 (45211), Seq: 1, Ack: 1, Len: 0
Source port: netbios-ssn (139)
Destination port: 45211 (45211)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size: 0
Checksum: 0x82a6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1209]
[The RTT to ACK the segment was: 0.000342000 seconds]
[/quote]