
Process Monitor causing additional SMB requests?

pwmealey (Newbie, joined 09 November 2017)
Posted: 09 November 2017 at 6:10pm

I am monitoring the behavior of an application that is accessing a network file share using procmon and Wireshark, and I have noticed that the network traces that I capture while procmon is running are different from the network traces that I capture when procmon is not running. Specifically, the traces taken when procmon is running contain SMB "find" requests with a search string of "*" for each directory in the path to a file that is accessed. For example, if my application opens a file at "\\fileserver\share\$\a\b\c\d.txt", the network trace shows that SMB find requests were issued for \\fileserver\share\$, \\fileserver\share\$\a, \\fileserver\share\$\a\b, and \\fileserver\share\$\a\b\c. There is also a corresponding set of SMB "create" commands issued (the SMB create commands are actually just "open" commands in this context). Note that these find and create commands only show up in the network trace and do not show up in the procmon output, and they only show up in the trace if I am running procmon.

Is this expected behavior -- in other words, is procmon issuing those additional commands in order to provide additional information about the monitored events? If not, are you aware of some side effect of monitoring a program that would account for the extra SMB commands?
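One way to confirm the pattern described in the post across two captures, as an added example that is not part of the original post. It assumes each capture has already been exported to a list of (command, path, search pattern) records; the function names, the record layout and the sample records are all constructed for illustration.

```python
from collections import Counter

def ancestor_dirs(unc_path):
    """Return the share root and every directory above the file in a UNC path."""
    parts = unc_path.strip("\\").split("\\")
    if len(parts) < 3:
        raise ValueError("expected a path of the form server, share, ..., file")
    dirs = ["\\\\" + parts[0] + "\\" + parts[1]]      # \\server\share
    for name in parts[2:-1]:                          # each directory, not the file
        dirs.append(dirs[-1] + "\\" + name)
    return dirs

def extra_requests(with_tool, without_tool):
    """Requests seen only (or more often) in the capture taken with the tool running."""
    return Counter(with_tool) - Counter(without_tool)

def classify(extra, opened_path):
    """Split extra requests into the ancestor-walk pattern and everything else."""
    dirs = {d.lower() for d in ancestor_dirs(opened_path)}  # SMB paths: case-insensitive
    walk, other = [], []
    for (cmd, path, pattern), count in sorted(extra.items()):
        is_walk = path.lower() in dirs and (
            cmd == "create" or (cmd == "find" and pattern == "*"))
        (walk if is_walk else other).append((cmd, path, pattern, count))
    return walk, other

# Constructed sample records modeled on the post's example layout.
OPENED = r"\\fileserver\share\a\b\c\d.txt"
BASELINE = [("create", OPENED, ""), ("read", OPENED, ""), ("close", OPENED, "")]
WITH_PROCMON = BASELINE + [
    (cmd, d, pat)
    for d in ancestor_dirs(OPENED)
    for cmd, pat in (("create", ""), ("find", "*"))
] + [("create", r"\\fileserver\share\other.log", "")]  # unrelated extra request

if __name__ == "__main__":
    walk, other = classify(extra_requests(WITH_PROCMON, BASELINE), OPENED)
    print("ancestor-walk requests:")
    for rec in walk:
        print("  ", rec)
    print("other extra requests:")
    for rec in other:
        print("  ", rec)
```

Anything left in the second bucket is extra traffic that does not fit the per-directory find/create walk and needs a separate explanation.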
