Lab 8: Microsoft File Sharing

In Microsoft networks file sharing is central to the network's operation. Files stored on remote computers can be accessed and shared between user workstations attached to the network.
In a DOS environment drive letters that point to folders on the remote computer facilitate the sharing of files. The NET USE command allows such drive mappings to be observed and new ones created.
This lab involves configuring two student machines to share files using the GUI and then using the DOS prompt.
Work in pairs. Designate one machine as the server and the other as the client.

Using the GUI

?At the server complete the following:
?Open "My Computer", click on C:, right click, sharing, Share as C
?Right click "Network Neighbourhood" to bring up the Network Control Panel. Under the Identification tab you will see the name of your machine.

?At the client
?Double click Network Neighbourhood, find the server ( the name you figured out above ), and click on the share name.
?Map a drive to it.
?From "My Computer" access the drive letter that you have mapped
?You should now be looking at the entire contents of the server's C: drive From DOS

There is no straightforward way to perform the server configuration from DOS but the client side is well-supported.

?Bring up a DOS command prompt on the client machine
?Type NET VIEW - this will display a list of all the servers on your network
?Type NET VIEW \\<the name of your server - this will display the share names on your server
?Type NET USE - this will show the drive mapping that you established in the GUI portion of this lab
?Type NET USE <A free drive letter: \\<your server name\<your share name
Using NetXRay to view Microsoft file sharing

Microsoft uses a very complex set of protocols to implement its file sharing ( at least compared to what we have looked at so far ) so this exercise is best completed using the following setup:
- At the server create a new directory that contains a single text file. This will limit the number of packets that are generated when you look at the files
- At the client work from the DOS prompt. This eliminates extra traffic that is to do with maintaining the GUI view of the server.

?At the client change to the directory that you have just created on the server and type DIR. This should show you the one sample file in the directory.
?Start a NetXray capture with an address filter set to the addresses of your client and server. You can do this on either machine but you will need to discover the MAC address of the "remote" machine by running WINIPCFG on that machine.
?Repeat the DIR and view the capture
?You should see the first few packets taken up by SMB "SearchDirectory" requests and replies. You need to create a filter that will exclude these. See the note below if you are unclear how to do this.
?Restart the capture, repeat the DIR and view the capture
?This capture should begin with a "Find First Name" request and the reply to this request. If you rearrange your NetXRay windows so that you can see the raw data in the packets you should be able to see how the client retrieves the name of the file in the directory. By "drilling down" through the decode of the SMB header you should be able to discover where this information fits into SMB ( do not try to understand the whole of the SMB header! )

If you are keen you can take this a step or two further and view the packets generated when a file is opened and read:
?Use the command "TYPE < the name of your file" at the client.
?You will be perfoming a series of captures, adding to the set of data that you are excluding at each step. There follows a possible series of steps:
StepExcludeSample CaptureWhat do you see?
1As already setFinding the file:
"Find First"
2Exclude "Transaction2""Open File"
"Seek in File"
3Exclude "Open""Seek"
"Read" ( look for the text from the file )
"Close" ( if the file was small! )
Using a data pattern filter to exclude data
?Capture some packets that include the data that you want to exclude ( or include )
?Use Capture Filter Settings, Data Pattern to bring up the data pattern screen. Make sure that the top line of the filter definition is highlit.
?To exclude packets with certain data use Add NOT followed by Add Pattern. The Edit Pattern dialog includes a browser that looks at the packets that you have just captured. Find a packet that includes the data that you want to exclude, highlight the data, and use Set Data to automatically fill out the fields at the top of the form.
?To exclude several different values you require a series of NOT/PAT pairs that are ANDed together. The top line ( blue AND ) can be toggled between AND and OR by clicking or using the button provided.