Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Monitor
  New Posts New Posts RSS Feed - Process Monitor causing additional SMB requests?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Process Monitor causing additional SMB requests?

 Post Reply Post Reply
pwmealey View Drop Down

Joined: 09 November 2017
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote pwmealey Quote  Post ReplyReply Direct Link To This Post Topic: Process Monitor causing additional SMB requests?
    Posted: 09 November 2017 at 6:10pm
I am monitoring the behavior of an application that is accessing a network file share using procmon and WireShark and I have noticed that the network traces that I capture while procmon is running are dffierent than the network traces that I capture when procmon is not running.  Specifically, the traces taken when procmon is running contain SMB "find" requests with a search string of "*" for each directory in the path to a file that is accessed.  For example, if my application opens a file at "\\fileserver\share$\a\b\c\d.txt", the network trace shows that SMB find requests were issued for \\fileserver\share$, \\fileserver\share$\a, \\fileserver\share$\a\b, and \\fileserver\share$\a\b\c.  There are also a corresponding set of SMB "create" commands issued (the SMB create commands are actually just "open" commands in this context).  

Note that these find and create commands only show up in the network trace and do not show up in the procmon output and they only show up in the trace if I am running procmon.

Is this expected behavior --in other words, is procmon issuing those additional commands in order to provide additional information about the monitored events?  If not, are you aware of some side effect of monitoring a program that would account for the extra SMB commands? 

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.06
Copyright ©2001-2016 Web Wiz Ltd.