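1. Differences between the SMB and CIFS protocols
Port 139 is a TCP port. It comes into play when shared files or shared printers on the LAN are accessed through Network Neighborhood.
Port 445 is also a TCP port. On Windows 2000 Server or Windows Server 2003 it serves exactly the same purpose as port 139: it too provides file and printer sharing services on the LAN. However, this port works on top of the CIFS protocol (Common Internet File System), whereas port 139 provides sharing services on top of the SMB protocol (Server Message Block, a server protocol family).
NBT (NetBIOS over TCP/IP)
Uses ports 137, 138 (UDP) and 139 (TCP) to implement NetBIOS internetworking over TCP/IP.
In Windows NT, SMB is implemented on top of NBT. In Windows 2000, besides the NBT-based implementation, SMB can also run directly over port 445.
When Win2000 (NBT enabled) acts as a client connecting to an SMB server, it tries ports 139 and 445 at the same time. If port 445 responds, it sends a RST packet to port 139 to drop that connection and continues communicating over port 445. Only when port 445 does not respond does it use port 139.
When Win2000 (NBT disabled) acts as a client connecting to an SMB server, it tries only port 445; if there is no response, the connection fails. (Note that the peer may be an NT 4.0 server.)
If a Win2000 server has NBT enabled, UDP ports 137 and 138 and TCP ports 139 and 445 are open.
If NBT is disabled, only port 445 is open.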
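2. The SMB protocol
SMB is short for Server Message Block. The protocol is used for sharing files, printers, serial ports and so on. It is what lets us reach other machines in a domain through Network Neighborhood in Windows.
SMB is a very important protocol. The vast majority of PCs run it today, and Windows systems act as both SMB client and SMB server, so SMB is a protocol that follows the client-server model. An SMB server makes shared resources available to SMB clients over the network; server and client connect over TCP/IP, IPX, or NetBEUI. Once a connection between server and client has been established, the client carries out sharing operations such as read, write and search by sending commands to the server.
Message format: an SMB message has three parts
SMB Header, // header, 4 bytes
SMB Command Header // command header, 32 bytes
the Data Block. // data portion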
==================================================================
SMB header
Data structure:
typedef unsigned char UCHAR;    // 8 unsigned bits
typedef unsigned short USHORT;  // 16 unsigned bits
typedef unsigned long ULONG;    // 32 unsigned bits
typedef long LONG;              // 32 signed bits, needed by LARGE_INTEGER
typedef struct {
    ULONG LowPart;
    LONG HighPart;
} LARGE_INTEGER;                // 64 bits of data
typedef struct {
    UCHAR Protocol[4];          // Contains 0xFF,'SMB'
    UCHAR Command;              // Command code
    union {
        struct {
            UCHAR ErrorClass;   // Error class
            UCHAR Reserved;     // Reserved for future use
            USHORT Error;       // Error code
        } DosError;
        ULONG Status;           // 32-bit error code
    } Status;
    UCHAR Flags;                // Flags
    USHORT Flags2;              // More flags
    union {
        USHORT Pad[6];          // Ensure section is 12 bytes
        struct {
            USHORT PidHigh;     // High Part of PID
            UCHAR SecuritySignature[8]; // reserved for MAC
        } Extra;
    };
    USHORT Tid;                 // Tree identifier
    USHORT Pid;                 // Caller's process ID, opaque for client use
    USHORT Uid;                 // User id
    USHORT Mid;                 // multiplex id
    UCHAR WordCount;            // Count of parameter words
} SMB_HEADER;
Notes:
1. Tid
Tid represents an instance of an authenticated connection to a server resource. The server returns Tid to the client when the client successfully connects to a resource, and the client uses Tid in subsequent requests referring to the resource.
2. Pid
Pid is the caller's process id, and is generated by the client to uniquely identify a process within the client computer.
3. Uid Field
Uid is a reference number assigned by the server after a user authenticates to it, and that it will associate with that user until the client requests the association be broken. After authentication to the server, the client SHOULD make sure that the Uid is not used for a different user than the one that authenticated. (It is permitted for a single user to have more than one Uid.) Requests that do authorization, such as open requests, will perform access checks using the identity associated with the Uid.
4. Mid Field
The multiplex ID (Mid) is used along with the Pid to allow multiplexing the single client and server connection among the client's multiple processes, threads, and requests per thread. Clients may have many outstanding requests (up to the negotiated number, MaxMpxCount) at one time. Servers MAY respond to requests in any order, but a response message MUST always contain the same Mid and Pid values as the corresponding request message. The client MUST NOT have multiple outstanding requests to a server with the same Mid and Pid.
5. Command codes
(1) SMB_COM_NEGOTIATE 0x72
Client Command              Server Response
==========================  =========================================
SMB_COM_NEGOTIATE           Must be the first message sent by client
                            to the server. Includes a list of SMB
                            dialects supported by the client. Server
                            response indicates which SMB dialect
                            should be used.
(2) SMB_COM_SESSION_SETUP_ANDX 0x73
SMB_COM_SESSION_SETUP_ANDX  Transmits the user's name and credentials
                            to the server for verification.
                            Successful server response has Uid field
                            set in SMB header used for subsequent
                            SMBs on behalf of this user.
(3) SMB_COM_NT_CREATE_ANDX 0xa2
Client Command              Server Response
==========================  =========================================
SMB_COM_NT_CREATE_ANDX      An SMB_COM_NT_CREATE_ANDX request is sent
                            by a client to open a file or device on
                            the server.
(4) SMB_COM_READ_AndX 0x2e
SMB_COM_READ_AndX
An SMB_COM_READ_ANDX request is sent by a client to read from a file or named pipe on a server.
(5) SMB_COM_WRITE_AndX 0x2f
SMB_COM_WRITE_AndX
An SMB_COM_WRITE_AndX request is sent by a client to write to a file or named pipe on a server.
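
The header layout, the five command codes and the Pid/Mid matching rule above, put together as a small decoder. This is an added example, not code from the original page; `smb_hdr`, `smb_parse`, `smb_command_name`, `smb_pairs_with` and the sample bytes are made up for illustration.

```c
#include <stdint.h>
#include <string.h>
#define SMB_HDR_LEN 32  /* Protocol .. Mid; WordCount is the next byte */

/* Decoded fields, named after SMB_HEADER (smb_hdr itself is a made-up type). */
typedef struct {
    uint8_t  command, flags;
    uint32_t status;
    uint16_t flags2, tid, pid, uid, mid;
} smb_hdr;

/* Constructed sample: header of a negotiate request with Pid 0x1234, Mid 1. */
const uint8_t SAMPLE_NEGOTIATE[SMB_HDR_LEN] = {
    0xFF, 'S', 'M', 'B', 0x72, 0, 0, 0, 0, 0x18, 0x01, 0x28,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,        /* Pad / Extra */
    0x00, 0x00, 0x34, 0x12, 0x00, 0x00, 0x01, 0x00 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Decode by offset, not by casting to SMB_HEADER: an unpacked struct normally
 * puts Status at offset 8, on the wire it is at 5. Returns 0, -1 (short), -2 (magic). */
int smb_parse(const uint8_t *b, size_t len, smb_hdr *h)
{
    if (len < SMB_HDR_LEN) return -1;
    if (memcmp(b, "\xFFSMB", 4) != 0) return -2;
    h->command = b[4];
    h->status  = le16(b + 5) | ((uint32_t)le16(b + 7) << 16);
    h->flags   = b[9];      h->flags2 = le16(b + 10);
    h->tid = le16(b + 24);  h->pid = le16(b + 26);
    h->uid = le16(b + 28);  h->mid = le16(b + 30);
    return 0;
}

/* Names for the five command codes listed on this page. */
const char *smb_command_name(uint8_t cmd)
{
    switch (cmd) {
    case 0x72: return "SMB_COM_NEGOTIATE";
    case 0x73: return "SMB_COM_SESSION_SETUP_ANDX";
    case 0xA2: return "SMB_COM_NT_CREATE_ANDX";
    case 0x2E: return "SMB_COM_READ_ANDX";
    case 0x2F: return "SMB_COM_WRITE_ANDX";
    default:   return "UNKNOWN";
    }
}

/* A response must carry the same Pid and Mid as its request. */
int smb_pairs_with(const smb_hdr *req, const smb_hdr *rsp)
{ return req->pid == rsp->pid && req->mid == rsp->mid; }
```

A capture tool would call `smb_parse` on each message body and use `smb_pairs_with` to match responses to outstanding requests, since servers may answer in any order.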