4620-1 appB.f.qc
10/28/99
12:34 PM
Page 791
Appendix B
Protocol Definitions
These selected protocol definitions are extremely helpful in learning the
finer points of network protocols. This information is exposed under
Network Monitor’s Display Capture dialog box. While only selected protocols
are displayed here in the interest of space, you may be interested in using
Network Monitor and learning more about other definitions.
Legend    Data Type
●    Byte
❍    Array of Bytes
❏    Word
■    Array of Words
▲    Dword
✓    Array of DWords
×    Large Integer
◗    Date & Time
+    Address
◆    No Value
Version Control Legend*
Property with asterisk (*): New in Windows 2000
Property in italics: Was in Windows NT, but not Windows 2000
*Note: Some property names have both of these characteristics, which means that the values changed from Windows NT to Windows 2000.
■
■
❍ ◆
*Address Length Flags
●
◆
*ARP
ARP
❍
❍
◆
◆
*ATM ARP
Frame Padding
❍
◆
Hardware Address Length
●
●
● ●
●
● ❍
◆
*Hardware Type
■
■
■ ■
■
■ ❍
◆
Opcode
■
■
■ ■
■
■ ❍
◆
Protocol Address Length
●
●
● ●
●
● ❍
◆
*Protocol Type
■
■
■ ■
■
■ ❍
◆
◆
*RARP Protocol
RARP Protocol
❍
❍
◆
Sender’s Hardware Address
+
❍
◆
Sender’s Protocol Address
+
❍
◆
*Senders ATM Address Length
●
●
● ●
●
● ❍
◆
*Senders E.164 Address Length
●
●
● ●
●
● ❍
◆
*Source ATM Address
❍
❍
◆
*Source E.164 Address
❍
❍
◆
*Target ATM Address
❍
❍
◆
*Target E.164 Address
❍
❍
◆
Target’s Hardware Address
+
❍
◆
Target’s Protocol Address
+
❍
◆
Includes
Exists
Contains
<=
>=
❍
<
ARP_RARP (Address Resolution Protocol/
Reverse Address Resolution Protocol)
❍
>
<>
Relations
=
Protocol Name/Properties
Relations
>
<
>=
<=
Contains
Exists
*Targets E.164 Address Length
●
●
● ●
●
● ❍
◆
Hardware Address Space
■
■
■ ■
■
■ ❍
◆
Protocol Address Space
■
■
■ ■
■
■ ❍
◆
IP (Internet Protocol)
❍
❍
Checksum
■
■
■ ■
■
■ ❍
◆
Compartmentalization
■
■
■ ■
■
■ ❍
◆
❍
◆
● ❍
◆
❍
◆
● ❍
◆
❍ ◆
●
Data
Delay
●
Destination Address
+
End of Options
●
●
●
● ●
● ●
●
●
Flags
Flags Summary
●
●
● ●
●
● ❍
◆
Fragment Offset
■
■
■ ■
■
■ ❍
◆
❍
◆
Fragmented Datagram Data
Gateway
+
❍
◆
Handling Restrictions
❍
❍
◆
Header Length
●
●
● ●
●
● ❍
◆
Identification
■
■
■ ■
■
■ ❍
◆
❍
◆
*Internet Timestamp Option
Internet Timestamp Option
●
●
● ●
●
● ❍
◆
Invalid Option
●
●
● ●
●
● ❍
◆
*Malformed Option
❍
◆
*Loose Source Routing Option
❍
◆
Loose Source Routing Option
●
●
● ●
●
● ❍
◆
Missed Stations
●
●
● ●
●
● ❍
◆
Next Slot Pointer
●
●
● ●
●
● ❍
◆
No Operation
●
●
● ●
●
● ❍
◆
❍
◆
*Option Data
Includes
Protocol Name/Properties
<>
■
=
■
■
■
>=
<=
Exists
Includes
Option Length
●
●
● ●
●
● ❍
◆
*Option Type
●
●
● ●
●
● ❍
◆
❍
◆
<
>
Contains
Relations (continued)
<>
Protocol Name/Properties
Option Fields
Padding
Precedence
●
●
● ●
●
● ❍
◆
Protocol
●
●
● ●
●
● ❍
◆
❍
◆
*Record Route Option
Record Route Option
●
●
● ●
●
● ❍
◆
Reliability
●
●
● ●
●
● ❍
◆
❍
◆
● ❍
◆
*Reserved Bytes
Reserved Bytes
●
●
● ●
●
❍ ◆
*Route To Go
Route To Go
●
●
● ●
●
*Route Traveled
● ❍
◆
❍
◆
Route Traveled
●
●
● ●
●
● ❍
◆
Routing Pointer
●
●
● ●
●
● ❍
◆
Security Level
■
■
■ ■
■
■ ❍
◆
❍
◆
*Security Option
Security Option
●
●
● ●
●
● ❍
◆
Service Type
●
●
● ●
●
● ❍
◆
Source Address
+
❍
◆
Stream Identifier
■
■ ❍
◆
❍
◆
● ❍
◆
❍
◆
● ❍
◆
■
■ ■
■
*Stream Option
Stream Option
●
●
● ●
●
*Strict Source Routing Option
Strict Source Routing Option
●
●
● ●
●
◆
*Summary
Summary
❍
Throughput
●
●
● ●
●
❍
◆
● ❍
◆
■
■
Exists
Includes
●
● ●
●
● ❍
◆
Time Point
▲
▲ ▲ ▲
▲
▲ ❍
◆
Time Pointer
●
●
● ●
●
● ❍
◆
Time Route
▲
▲ ▲ ▲
▲
▲ ❍
◆
Time to Live
●
●
● ●
●
● ❍
◆
Total Length
■
■
■ ■
■
■ ❍
◆
Transmission Control Code
●
●
● ●
●
● ❍
◆
Version
●
●
● ●
●
● ❍
◆
NBT (NetBIOS over TCP/IP)
❍
❍
Adapter Address
+
❍
◆
Additional Record Count
■
■
■ ■
■
■ ❍
◆
Answer Count
■
■
■ ■
■
■ ❍
◆
ASCII Name
❍
❍
◆
❍
◆
❍
◆
❍
◆
❍
◆
<
●
>
Time Options
<>
<=
Contains
Relations
>=
Protocol Name/Properties
*Called Name
Called Name
❍
*Calling Name
Calling Name
❍
Datagram Flags
●
●
● ●
●
● ❍
◆
Datagram ID
■
■
■ ■
■
■ ❍
◆
Datagram Length
■
■
■ ■
■
■ ❍
◆
Datagram Packet Type
●
●
● ●
●
● ❍
◆
❍
◆
Destination Name
◆
*DS
DS
❍
DS Data
DS First/More Packet Flags
❍
◆
❍
◆
❍ ◆
●
Duration
■
■
■ ■
■
■ ❍
◆
Error Code
●
●
● ●
●
● ❍
◆
■
<
■ ■
Frame Padding
Includes
■
Exists
■
Contains
Flags Summary
<=
Relations (continued)
>=
Protocol Name/Properties
>
■
<>
■
■ ❍
◆
❍
◆
Free NCBS
■
■
■ ■
■
■ ❍
◆
FRMRS Received
■
■
■ ■
■
■ ❍
◆
FRMRS Transmitted
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
Group Name Flag
Iframe Receive Errors
■
■
■ ■
■
■ ❍
◆
Iframe Transmit Errors
■
■
■ ■
■
■ ❍
◆
Lanman Destination Name
❍
◆
Lanman Source Name
❍
◆
❍ ◆
●
Length Extensions
Max Config Sessions
■
■
■ ■
■
■ ❍
◆
Max Datagram
■
■
■ ■
■
■ ❍
◆
Max NCBS
■
■
■ ■
■
■ ❍
◆
Max Sessions
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
■ ❍
◆
❍ ◆
■
Name Flags
Name Service Count
■
■
■ ■
■
Name Service Flags
◆
*NBT Summary
NBT Summary
❍
❍
◆
NCBS
■
■
■ ■
■
■ ❍
◆
No Receive Buffers
■
■
■ ■
■
■ ❍
◆
No Transmit Buffers
■
■
■ ■
■
■ ❍
◆
◆
*NS
NS
❍
Number of Names
●
●
● ●
Opcode
■
■
■ ■
Opcode Reply Flag
❍
◆
●
● ❍
◆
■
■ ❍
◆
❍ ◆
■
■
Owner IP Address
+
Owner Node Type
■
■
■ ■
Packet Flags
●
●
Packet Length
■
Packet Offset
◆
● ●
●
● ❍
◆
■
■ ■
■
■ ❍
◆
■
■
■ ■
■
■ ❍
◆
Packet Size
■
■
■ ■
■
■ ❍
◆
Packet Type
●
●
● ●
●
● ❍
◆
Pending Sessions
■
■
■ ■
■
■ ❍
◆
Question Class
■
■
■ ■
■
■ ❍
◆
Question Count
■
■
■ ■
■
■ ❍
◆
❍
◆
<=
■ ❍
>=
■
<
◆
>
❍
<>
Includes
Relations
Exists
Protocol Name/Properties
Contains
■
Question Name
Question Type
■
■
■ ■
■
■ ❍
◆
RDATA Length
■
■
■ ■
■
■ ❍
◆
Received
▲
▲ ▲ ▲
▲
▲ ❍
◆
Reserved
■
■
■ ■
■
■ ❍
◆
Reserved Flags
●
●
● ●
●
● ❍
◆
*Reserved Packet Flags
●
●
● ●
●
● ❍
◆
● ●
Reserved Packet Flags
Reserved Record Class
●
●
● ●
●
● ❍
◆
Resource Record Flags
■
■
■ ■
■
■ ❍
◆
❍
◆
Resource Record Name
Resource Record Type
■
■
■ ■
■
■ ❍
◆
Result Code
■
■
■ ■
■
■ ❍
◆
Retarget IP Address
+
❍
◆
Retarget Port
■
■
■ ■
■
■ ❍
◆
Session Service Error Code
●
●
● ●
●
● ❍
◆
Source End-Node Type
●
●
● ●
●
● ❍
◆
Source IP Address
+
❍
◆
■
■
■
■
■ ■
■
Includes
Source Port
Exists
Source Name
Contains
<=
>=
<
>
Relations (continued)
<>
Protocol Name/Properties
❍
◆
■ ❍
◆
◆
*SS
SS
❍
SS Data
❍
◆
❍
◆
◆
*SS: Session Message Cont.
SS: Session Message Cont.
❍
❍
◆
T1 Timeouts
■
■
■ ■
■
■ ❍
◆
Ti Timeouts
■
■
■ ■
■
■ ❍
◆
Time to Live
▲
▲ ▲ ▲
▲
▲ ❍
◆
Transmitted
▲
▲ ▲ ▲
▲
▲ ❍
◆
Transaction ID
■
■
■ ■
■
■ ❍
◆
Transmit Aborts
■
■
■ ■
■
■ ❍
◆
Version Major
●
●
● ●
●
● ❍
◆
Version Minor
●
●
● ●
●
● ❍
◆
Netlogon (MS Netlogon Broadcasts)
❍
❍
❍
◆
▲ ❍
◆
Allowable Account Control Bits Summary
❍ ◆
▲
Computer Name
❍ ◆
Allowable Account Control Bit
*Allowable Account Control Bits Summary ▲
▲ ▲ ▲
▲
Database Index
▲
▲ ▲ ▲
▲
▲ ❍
◆
Date and Time
▲
▲ ▲ ▲
▲
▲ ❍
◆
◆
*DB Change Info Summary
DB Change Info Summary
❍
DB Count
▲
▲ ▲ ▲
▲
❍
◆
▲ ❍
◆
❍ ◆
Domain Name
Domain SID
❍
Domain SID Size
▲
▲ ▲ ▲
Large Serial Number
×
×
×
×
❍
◆
▲
▲ ❍
◆
×
× ❍
◆
▲
>=
<=
Exists
Includes
LM20 Token
■
■
■ ■
■
■ ❍
◆
LMNT Token
■
■
■ ■
■
■ ❍
◆
❍
◆
▲ ❍
◆
❍
◆
×
× ❍
◆
Logon Server Name
Low Serial Number
▲
▲ ▲ ▲
▲
Mailslot Name
×
×
Contains
Relations
<
Protocol Name/Properties
>
■
<>
■
NT Date and Time
×
×
NT Version
▲
▲ ▲ ▲
▲
▲ ❍
◆
Opcode
■
■
■ ■
■
■ ❍
◆
Pad
●
●
● ●
●
● ❍
◆
❍
◆
Primary DC Name
Pulse
▲
▲ ▲ ▲
▲
▲ ❍
◆
Random
▲
▲ ▲ ▲
▲
▲ ❍
◆
Request Count
■
■
■
■ ❍
◆
❍
◆
■ ■
Script Name
*Signature
●
●
● ●
●
● ❍
◆
Signature
■
■
■ ■
■
■ ❍
◆
◆
*Summary
❍
◆
Unicode Computer Name
❍
◆
Unicode Domain Name
❍
◆
Unicode Logon Server
❍
◆
Unicode Primary DC Name
❍
◆
Unicode User Name
❍
◆
■ ❍
◆
❍
◆
Summary
Update Type
❍
■
■
■ ■
■
User Name
Workstation Major Version
●
●
● ●
●
● ❍
◆
Workstation Minor Version
●
●
● ●
●
● ❍
◆
Workstation OS Version
●
●
● ●
●
● ❍
◆
SMB (Server Message Block Protocol)
❍
❍
■
■
Includes
Exists
Contains
<=
>=
<
>
Relations (continued)
<>
Protocol Name/Properties
❍ ◆
▲
▲ ❍
◆
❍ ◆
▲
■ ❍
◆
Account Name
❍
◆
ACE
❍
◆
■ ❍
◆
❍ ◆
●
Access Mask Standard Flags
Access Mask Summary
▲
▲ ▲ ▲
▲
Access Mask Token Specific Flag
Access Mode
ACE Count
■
■
■
■
■ ■
■ ■
■
■
ACE Flags
ACE Flags Summary
●
●
● ●
●
● ❍
◆
ACE Size
■
■
■ ■
■
■ ❍
◆
ACE Type
●
●
● ●
●
● ❍
◆
ACL Size
■
■
■ ■
■
■ ❍
◆
Action Taken
■
■
■ ■
■
■ ❍
◆
Action Taken Flags
■
■
■ ■
■
■ ❍
◆
Allocation
▲
▲ ▲ ▲
▲
▲ ❍
◆
Available Allocation Units (NT)
×
×
×
×
×
× ❍
◆
Bad SMB Error Code
■
■
■ ■
■
■ ❍
◆
Block Mode
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
Block Mode Flags
Blocking
●
●
● ●
●
● ❍
◆
Blocks Per Unit
▲
▲ ▲ ▲
▲
▲ ❍
◆
Blocks Per Unit (WORD)
■
■
■ ■
■
■ ❍
◆
Boolean IS Directory
●
●
● ●
●
● ❍
◆
Boolean Volume Supports Object
●
●
● ●
●
● ❍
◆
Buffer Length
▲
▲ ▲ ▲
▲
▲ ❍
◆
Byte Count
■
■
■
■ ❍
◆
❍ ❍
◆
■ ■
Byte Parameters
Bytes Left
■
■
■ ■
■
■ ❍
◆
Bytes Per Block
■
■
■ ■
■
■ ❍
◆
■
■
Contains
Exists
▲
▲ ❍
◆
Bytes Remaining in Message
■
■
■ ■
■
■ ❍
◆
Bytes Remaining in Pipe
■
■
■ ■
■
■ ❍
◆
Caching Mode
■
■
■ ■
■
■ ❍
◆
Capabilities
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍ ◆
▲
Capabilities Flags
Change Count
■
■
■ ■
■
■ ❍
◆
Change Time
◗
◗
◗
◗
◗
❍
◆
Command
●
●
● ●
●
● ❍
◆
Common Header
❍
❍
◆
Computer Name
❍
❍
◆
Copy Flags
■
■
■ ■
■
■ ❍
◆
Create Action
▲
▲ ▲ ▲
▲
▲ ❍
◆
Create Disposition
▲
▲ ▲ ▲
▲
▲ ❍
◆
Create Flags Dword
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍ ◆
▲
▲ ❍
◆
❍ ◆
▲
◗
❍
◆
❍
◆
◗
Create Flags flags
Create Options
▲
▲ ▲ ▲
▲
Create Option Bits
Creation Time
◗
◗
◗
◗
◗
Data
Data Bytes
■
■
■ ■
■
■ ❍
◆
Data Count
▲
▲ ▲ ▲
▲
▲ ❍
◆
Data Displacement
■
■
■ ■
■
■ ❍
◆
Data Displacement (NT)
▲
▲ ▲ ▲
▲
▲ ❍
◆
Data Length
■
■
■ ■
■
■ ❍
◆
Data Offset
▲
▲ ▲ ▲
▲
▲ ❍
◆
Data Offset
■
■
■ ■
■
■ ❍
◆
Desired Access
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍ ◆
▲
Desired Access Flags
Includes
<=
▲ ▲ ▲
>
▲
<>
Bytes Per Block (NT)
=
>=
Relations
<
Protocol Name/Properties
Destination Mode
■
■
Destination Name
❍
Destination Tree ID (TID2)
■
■
■ ■
Destination Type
■
■
Device State
■
■
❍
◆
■
■ ❍
◆
■ ■
■
■ ❍
◆
■ ■
■
■ ❍
◆
DFS 8.3 Filename
❍
◆
*DFS Expanded Name
❍
◆
DFS Filename
❍
◆
■
<
■ ■
Contains
◆
<=
■ ❍
>=
Includes
Relations (continued)
Exists
Protocol Name/Properties
>
■
<>
■
DFS Max Referral Level
■
■
■ ■
■
■ ❍
◆
DFS Number of Referrals
■
■
■ ■
■
■ ❍
◆
*DFS Number of Expanded Names
■
■
■ ■
■
■ ❍
◆
DFS Path Consumed
■
■
■ ■
■
■ ❍
◆
DFS Proximity
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍
◆
▲ ❍
◆
❍ ◆
▲
❍
◆
■ ❍
◆
DFS Sharename
❍
◆
*DFS Special Name
❍
◆
DFS Request Filename
DFS Server Function
▲
▲ ▲ ▲
▲
DFS Server Function Flags
*DFS Server Site GUID
❍
DFS Server Type
■
■
■ ■
■
DFS Strip Path
■
■
■ ■
■
■ ❍
◆
DFS Time to Live
■
■
■ ■
■
■ ❍
◆
DFS Version 1 Referral
❍
◆
DFS Version 2 Referral
❍
◆
*DFS Version 3 Referral
❍
◆
■ ❍
◆
DFS Version Number
■
■
■ ■
■
Dialect Strings
❍
❍
◆
Dialect Strings Understood
❍
❍
◆
Directory Entry
❍
❍
◆
■
■
<=
Contains
Exists
■ ■
■
■ ❍
◆
Discretionary ACL (DACL)
❍
◆
Domain Name
❍
◆
DOS Error Code
■
■
■ ■
■
■ ❍
◆
EA Offset Error
■
■
■ ■
■
■ ❍
◆
EA Size
▲
▲ ▲ ▲
▲
▲ ❍
◆
Echo Reverb
■
■
■ ■
■
■ ❍
◆
Echo Sequence
■
■
■ ■
■
■ ❍
◆
Encrypted Password
❍
❍
◆
Encryption Key
●
●
● ●
●
● ❍
◆
Encryption Key Length
●
●
● ●
●
● ❍
◆
Encryption Key Offset
■
■
■ ■
■
■ ❍
◆
End of File
×
×
×
×
×
× ❍
◆
End of Search
■
■
■ ■
■
■ ❍
◆
Error Class
●
●
● ●
●
● ❍
◆
Error Code
■
■
■ ■
■
■ ❍
◆
❍
◆
Errored Path
Exist Action
■
■
■ ■
■
■ ❍
◆
Extended Attribute List
■
■
■ ■
■
■ ❍
◆
Extended Attributes
■
■
■ ■
■
■ ❍
◆
Extended OS Error Code
■
■
■ ■
■
■ ❍
◆
File Allocation Size
×
×
×
×
× ❍
◆
File Attribute Flags
❍ ◆
▲
File Attributes
❍ ◆
▲
×
File Attributes
■
■
■ ■
■
■ ❍
◆
File Creation Time
◗
◗
◗
◗
◗
◗
❍
◆
File Creation Time (sec)
◗
◗
◗
◗
◗
◗
❍
◆
File ID (FID)
■
■
■ ■
■
■ ❍
◆
File Index
▲
▲ ▲ ▲
▲
▲ ❍
◆
Includes
>=
■
<
■
>
<>
Disconnect Flag
Relations
=
Protocol Name/Properties
■
■
Exists
Includes
File Name
Contains
<=
>=
<
>
Relations (continued)
<>
Protocol Name/Properties
❍
◆
File Name Length
▲
▲ ▲ ▲
▲
▲ ❍
◆
File Offset
▲
▲ ▲ ▲
▲
▲ ❍
◆
File Offset (NT)
×
×
×
× ❍
◆
File Offset, High
▲
▲ ▲ ▲
▲
▲ ❍
◆
File Share Access
▲
▲ ▲ ▲
▲
▲ ❍
◆
File Size
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍ ◆
▲
×
×
File System Info
File System Info Summary
▲
▲ ▲ ▲
▲
▲ ❍
◆
File Type
■
■
■ ■
■
■ ❍
◆
Files Copied
▲
▲ ▲ ▲
▲
▲ ❍
◆
Find Count
■
■
■ ■
■
■ ❍
◆
Find Entry
▲
▲ ▲ ▲
▲
▲ ❍
◆
Find Flags
■
■
■
■ ❍
◆
❍ ◆
■
■ ❍
◆
■ ■
Find Flags Detail
Find Handle
■
■
■ ■
■
Find Key
❍
❍
◆
Find Key (client)
❍
❍
◆
Find Key (server)
❍
❍
◆
Find Key ID
●
●
● ●
●
● ❍
◆
Find Key Length
■
■
■ ■
■
■ ❍
◆
Find Resume Key
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍ ◆
●
● ❍
◆
❍ ◆
■
Flags
Flags Summary
●
●
● ●
●
Flags 2
Flags2 Summary
■
■
■ ■
■
■ ❍
◆
Free Allocation Units
▲
▲ ▲ ▲
▲
▲ ❍
◆
Free Units (WORD)
■
■
■ ■
■
■ ❍
◆
FSCTL Function
■
■
■ ■
■
■ ❍
◆
■
■
Includes
Exists
■
■ ■
■
■ ❍
◆
Group ID
■
■
■ ■
■
■ ❍
◆
❍
◆
<
■
>
FSCTL Method
<>
<=
Contains
Relations
>=
Protocol Name/Properties
Group SID
Guest Logon
■
■
■ ■
■
■ ❍
◆
Hard Error Code
■
■
■ ■
■
■ ❍
◆
I/O Bytes
■
■
■ ■
■
■ ❍
◆
Impersonation Level
▲
▲ ▲ ▲
▲
▲ ❍
◆
Info Level
■
■
■ ■
■
■ ❍
◆
Instance Count
●
●
● ●
●
● ❍
◆
IOCTL Category
■
■
■ ■
■
■ ❍
◆
IOCTL Data
●
●
● ●
●
● ❍
◆
IOCTL Function
■
■
■ ■
■
■ ❍
◆
IOCTL Parameters
●
●
● ●
●
● ❍
◆
IPX Group ID
■
■
■ ■
■
■ ❍
◆
IPX Key
▲
▲ ▲ ▲
▲
▲ ❍
◆
IPX Sequence Num
■
■
■ ■
■
■ ❍
◆
IPX Session ID
■
■
■ ■
■
■ ❍
◆
Kerberos Ticket
❍
❍
◆
Lanman Destination Name
❍
◆
Lanman Source Name
❍
◆
Last Access Time
◗
◗
◗
◗
◗
◗
❍
◆
Last Access Time (sec)
◗
◗
◗
◗
◗
◗
❍
◆
Last Modify Time
◗
◗
◗
◗
◗
◗
❍
◆
Last Modify Time (sec)
◗
◗
◗
◗
◗
◗
❍
◆
Last Name
■
■
■ ■
■
■ ❍
◆
Last Write Time
◗
◗
◗
◗
◗
❍
◆
Locality
■
■
■ ■
■
■ ❍
◆
Lock Bytes
▲
▲ ▲ ▲
▲
▲ ❍
◆
Lock Length
▲
▲ ▲ ▲
▲
▲ ❍
◆
◗
■
×
Lock Range
❍
Lock Status
■
■
■ ■
Lock Type
■
■
■ ■
◆
■
■ ❍
◆
■
■ ❍
◆
❍ ◆
■
<=
❍
>=
◆
<
× ❍
>
Includes
Lock Length (NT)
Exists
Relations (continued)
<>
Protocol Name/Properties
Contains
■
×
×
×
×
Lock Type Flags
Mailslot Class
■
■
■ ■
■
■ ❍
◆
Mailslot Opcode
■
■
■ ■
■
■ ❍
◆
Major Version
●
●
● ●
●
● ❍
◆
Max Buffer Size
■
■
■ ■
■
■ ❍
◆
Max Component Name Length
▲
▲ ▲ ▲
▲
▲ ❍
◆
Max Count
■
■
■ ■
■
■ ❍
◆
Max Data Bytes
■
■
■ ■
■
■ ❍
◆
Max Data Count
▲
▲ ▲ ▲
▲
▲ ❍
◆
Max MPX Requests
■
■
■ ■
■
■ ❍
◆
Max Parameter Count
▲
▲ ▲ ▲
▲
▲ ❍
◆
Max Parm Bytes
■
■
■ ■
■
■ ❍
◆
Max Print Jobs
■
■
■ ■
■
■ ❍
◆
Max Raw Size
▲
▲ ▲ ▲
▲
▲ ❍
◆
Max Setup Words
●
●
● ●
●
● ❍
◆
Max Setup Words
■
■
■ ■
■
■ ❍
◆
Max Transmit Size
■
■
■ ■
■
■ ❍
◆
Max VCs
■
■
■ ■
■
■ ❍
◆
Min Count
■
■
■ ■
■
■ ❍
◆
Minor Version
●
●
● ●
●
● ❍
◆
Multiplex ID (MID)
■
■
■ ■
■
■ ❍
◆
Name Length
●
●
● ●
●
● ❍
◆
Name Length (NT)
■
■
■ ■
■
■ ❍
◆
Native FS
●
●
● ●
●
● ❍
◆
❍
◆
Native Lanman
■
■
Negotiate Encryption Key
❍
New Path
Includes
Native OS
Exists
Contains
<=
>=
<
>
Relations
<>
Protocol Name/Properties
❍
◆
❍
◆
❍
◆
Next Offset
■
■
■ ■
■
■ ❍
◆
No-Exist Action
■
■
■ ■
■
■ ❍
◆
Notify Completion Filter
▲
▲ ▲ ▲
▲
▲ ❍
◆
❍ ◆
▲
Notify Completion Filter Flags
Notify Watch Tree
●
●
● ●
●
● ❍
◆
NT File Attributes
▲
▲ ▲ ▲
▲
▲ ❍
◆
NT IOCTL Function Code
▲
▲ ▲ ▲
▲
▲ ❍
◆
NT Last Access Time
◗
◗
◗
◗
❍
◆
NT Max Buffer Size
▲
▲ ▲ ▲
▲
▲ ❍
◆
NT Status Code
▲
▲ ▲ ▲
▲
▲ ❍
◆
NT Status Code System Error
■
■
■ ■
■
■ ❍
◆
NT Status Code System Information
■
■
■ ■
■
■ ❍
◆
NT Status Code System Success
■
■
■ ■
■
■ ❍
◆
NT Status Code System Warning
■
■
■ ■
■
■ ❍
◆
NT Status Customer Code
●
●
● ●
●
● ❍
◆
NT Status Facility
■
■
■ ■
■
■ ❍
◆
NT Status Reserved Bit
●
●
● ●
●
● ❍
◆
NT Status Severity Code
●
●
● ●
●
● ❍
◆
NT Transact Flags
■
■
■ ■
■
■ ❍
◆
Number of Locks
■
■
■ ■
■
■ ❍
◆
Number of Print Jobs
■
■
■ ■
■
■ ❍
◆
Number of Unlocks
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
◗
◗
Open Flags
Open Flags Summary
■
■
■ ■
■
■ ❍
◆
Open Function
■
■
■ ■
■
■ ❍
◆
Open Mode
■
■
■ ■
■
■ ❍
◆
■
■ ■
Includes
>=
■
Exists
<
Open Mode FCB Open
Contains
Relations (continued)
<=
Protocol Name/Properties
>
■
<>
■
■
■ ❍
◆
❍ ◆
■
Open Mode File Access
Open Mode Files Sharing
■
■
■ ■
■
■ ❍
◆
Open Timeout
▲
▲ ▲ ▲
▲
▲ ❍
◆
Oplock Level
●
●
● ●
●
● ❍
◆
Optional Support
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
❍
◆
❍
◆
Optional Support Flags
Originator Name
❍
Owner SID
Parameter Bytes
■
■
■ ■
■
■ ❍
◆
Parameter Count
▲
▲ ▲ ▲
▲
▲ ❍
◆
Parameter Displacement
▲
▲ ▲ ▲
▲
▲ ❍
◆
Parameter Displacement
■
■
■ ■
■
■ ❍
◆
Parameter Offset
▲
▲ ▲ ▲
▲
▲ ❍
◆
Parameter Offset
■
■
■ ■
■
■ ❍
◆
Password
●
●
● ●
●
● ❍
◆
Password Length
■
■
■ ■
■
■ ❍
◆
Path NameX
❍
❍
◆
Pipe Endpoint
●
●
● ●
●
● ❍
◆
Pipe Function
■
■
■ ■
■
■ ❍
◆
Pipe Status
■
■
■ ■
■
■ ❍
◆
Pipe Type
●
●
● ●
●
● ❍
◆
Print Job Info
●
●
● ●
●
● ❍
◆
Print Job Status
●
●
● ●
●
● ❍
◆
Print Job Time
■
■
■ ■
■
■ ❍
◆
Process High ID
■
■
■ ■
■
■ ❍
◆
Process ID (PID)
■
■
■ ■
■
■ ❍
◆
Protocol Index
■
■
■ ■
■
■ ❍
◆
QFS Info Level
■
■
■ ■
■
■ ❍
◆
■
■
Query Mode
Includes
Exists
Contains
<=
>=
<
>
Relations
<>
Protocol Name/Properties
❍ ◆
■
Query Mode
■
■
■ ■
■
■ ❍
◆
Read Mode
●
●
● ●
●
● ❍
◆
Read-Ahead
■
■
■ ■
■
■ ❍
◆
Recognized as FSCTL
●
●
● ●
●
● ❍
◆
Rename Flags
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
Rename Flags
Reserved Byte
●
●
● ●
●
● ❍
◆
Reserved Dword
▲
▲ ▲ ▲
▲
▲ ❍
◆
Reserved Word
❏
❍
◆
RMX Error Code
■
■
■ ■
■
■ ❍
◆
Root Dir FID
▲
▲ ▲ ▲
▲
▲ ❍
◆
Search Attributes
■
■
■ ■
■
■ ❍
◆
Search Count
■
■
■ ■
■
■ ❍
◆
❍
◆
❍ ◆
■
❍ ◆
●
❍
◆
Search Path
Security Descriptor Control Summary
Security Descriptor Control Summary
Security Flag Bits
Security Flags
Security Identifier Authority
❍
Security Identifier Offset to the Group SID
▲
▲ ▲ ▲
▲
▲ ❍
◆
Security Identifier Offset to the Owner SID ▲
▲ ▲ ▲
▲
▲ ❍
◆
❍
◆
Security Identifier Sub Authority
✓
Security Identifier Sub Authority Count
●
●
● ●
●
● ❍
◆
Security Information
■
■
■ ■
■
■ ❍
◆
Security Information Flags
❍ ◆
■
Security Mode
❍ ◆
●
Security Mode Summary (NT)
●
●
● ●
●
● ❍
◆
Security Mode Summary (WORD)
■
■
■ ■
■
■ ❍
◆
■
■
Exists
Includes
Contains
■
■ ❍
◆
■ ■
■
■ ❍
◆
■ ■
■
■ ❍
◆
❍
◆
■
■ ❍
◆
◗
◗
❍
◆
■ ■
■
■ ❍
◆
■ ■
■
■ ❍
◆
❍ ◆
▲
▲ ❍
◆
❍
◆
Security Object Revision
❍
Seek Mode
■
■
■ ■
Server Announce Opcode
■
■
Server Announce Rate
■
■
Server Comment
❍
Server Error Code
■
■
■ ■
Server Time
◗
◗
◗
Server Time
■
■
Server Time Zone
■
■
◗
<=
◆
>=
❍
<
>
Relations (continued)
<>
Protocol Name/Properties
Service Flags
Service Flags Summary
▲
▲ ▲ ▲
▲
Service Name
❍
Session Key
▲
▲ ▲ ▲
▲
▲ ❍
◆
Set File Info Level
■
■
■ ■
■
■ ❍
◆
Setup Action
■
■
■ ■
■
■ ❍
◆
Setup Count
●
●
● ●
●
● ❍
◆
Setup Words
❍
❍
◆
❍ ◆
▲
❍
◆
Sharing Bits
Short File Name
Short Name Length
●
●
● ●
●
● ❍
◆
Signature
▲
▲ ▲ ▲
▲
▲ ❍
◆
SMB Status
▲
▲ ▲ ▲
▲
▲ ❍
◆
Source Mode
■
■
■ ■
■
■ ❍
◆
Spool Header Size
■
■
■ ■
■
■ ❍
◆
Spool Mode
■
■
■ ■
■
■ ❍
◆
Spool Restart Index
■
■
■ ■
■
■ ❍
◆
Spool Start Index
■
■
■ ■
■
■ ❍
◆
Summary
❍
❍
◆
Supported Services
■
■ ❍
◆
■
■ ■
■
■
T2 I/O Flags
Includes
<
▲
>
▲ ▲ ▲
Exists
▲
<=
System ACL (SACL)
>=
Relations
<>
Protocol Name/Properties
Contains
■
▲ ❍
◆
❍ ◆
■
T2 I/O Flags Summary
■
■
■ ■
■
■ ❍
◆
Total Allocation Units
▲
▲ ▲ ▲
▲
▲ ❍
◆
Total Allocation Units (NT)
×
×
×
×
×
× ❍
◆
Total Data Bytes
■
■
■ ■
■
■ ❍
◆
Total Data Count
▲
▲ ▲ ▲
▲
▲ ❍
◆
Total Parameter Count
▲
▲ ▲ ▲
▲
▲ ❍
◆
Total Parm Bytes
■
■
■ ■
■
■ ❍
◆
Total Units (WORD)
■
■
■ ■
■
■ ❍
◆
❍ ◆
■
Transact Flags Summary
Transact Flags Summary
■
■
■ ■
■
■ ❍
◆
Transact Function
■
■
■ ■
■
■ ❍
◆
Transact Timeout
▲
▲ ▲ ▲
▲
▲ ❍
◆
Transact2 Function
■
■
■
■ ❍
◆
Transaction Data
❍
❍
◆
Transaction Parameters
❍
❍
◆
Transaction Priority
■
■
■ ■
■
■ ❍
◆
Tree Copy
■
■
■ ■
■
■ ❍
◆
Tree ID (TID)
■
■
■ ■
■
■ ❍
◆
Unicode Password Length
■
■
■ ■
■
■ ❍
◆
Unique File ID
▲
▲ ▲ ▲
▲
▲ ❍
◆
Unlock Range
❍
❍
◆
User ID (UID)
■
■
■ ■
■
■ ❍
◆
VC Number
■
■
■ ■
■
■ ❍
◆
Verify
■
■
■ ■
■
■ ❍
◆
Volume Creation Time
◗
◗
◗
◗
◗
❍
◆
❍
◆
■ ❍
◆
■ ■
◗
Volume Name
Volume Name Size
■
■
■ ■
■
■
■
Includes
Exists
▲ ▲ ▲
▲
▲ ❍
◆
Volume Time
◗
◗
◗
◗
◗
❍
◆
Word Count
●
●
● ●
●
● ❍
◆
Word Count
●
●
● ●
●
● ❍
◆
Word Parameters
❏
❍
◆
Write Mode
■
■ ❍
◆
❍ ◆
■
■
<
▲
>
Volume Serial Number
<>
<=
Contains
Relations (continued)
>=
Protocol Name/Properties
◗
■ ■
■
Write Mode Flags
TCP (Transmission Control Protocol)
❍
❍
Acknowledgement Number
▲
▲ ▲ ▲
▲
▲ ❍
◆
Checksum
■
■
■
■ ❍
◆
❍
◆
■ ■
Data
Data Offset
●
●
● ●
●
● ❍
◆
Destination Port
■
■
■ ■
■
■ ❍
◆
Flags
●
●
● ●
●
● ❍
◆
❍
◆
Frame Padding
Invalid Option
■
■
■ ■
■
■ ❍
◆
*Left Edge of Block
▲
▲ ▲ ▲
▲
▲ ❍
◆
*Malformed Option
❍
◆
*Maximum Segment Size
❍
◆
*Maximum Segment Size Option
❍
◆
❍
◆
*Option Data
❍
Option End
●
●
● ●
●
● ❍
◆
Option Kind (Maximum Segment Size)
●
●
● ●
●
● ❍
◆
Option Length
●
●
● ●
●
● ❍
◆
Option MaxSegSize
●
●
● ●
●
● ❍
◆
Option Nop
●
●
● ●
●
● ❍
◆
❍
◆
*Option Padding
*Option Type
●
●
● ●
●
● ❍
◆
Option Value
■
■
■ ■
■
■ ❍
◆
■
■
Options
Includes
Exists
Contains
<=
>=
<
>
Relations
<>
Protocol Name/Properties
❍
◆
Padding
■
■
■ ■
■
■ ❍
◆
*Reply Timestamp
▲
▲
▲ ▲
▲
▲ ❍
◆
Reserved
■
■
■ ■
■
■ ❍
◆
*Right Edge of Block
▲
▲
▲ ▲
▲
▲ ❍
◆
*SACK Option
❍
◆
*SACK Permitted Option
❍
◆
Sequence Number
▲
▲
▲ ▲
▲
▲ ❍
◆
Source Port
■
■
■ ■
■
■ ❍
◆
◆
*Summary
❍
◆
❍ ◆
●
❍
◆
▲ ❍
◆
Unknown Option
❍
◆
*Unrecognized Option
❍
◆
Summary
❍
TCP Flags
*Timestamp
*Timestamps Option
▲
▲
▲ ▲
▲
Urgent Pointer
■
■
■ ■
■
■ ❍
◆
Window
■
■
■ ■
■
■ ❍
◆
*Window Scale
●
●
● ●
●
● ❍
◆
❍
◆
*Window Scale Option