SMB/CIFS协议解析

1、SMB协议与CIFS协议的区别
     139端口是一种TCP端口，该端口在通过网上邻居访问局域网中的共享文件或共享打印机时就能发挥作用。
445端口也是一种TCP端口，该端口在 Windows 2000 Server或Windows Server 2003系统中发挥的作用与139端口是完全相同的。具体地说，它也是提供局域网中文件或打印机共享服务。不过该端口是基于CIFS协议（通用因特网文件系统协议）工作的，而139端口是基于SMB协议（Server Message Block服务器协议族）对外提供共享服务。
 
NBT(NetBIOS over TCP/IP)
使用137, 138 (UDP) and 139 (TCP）来实现基于TCP/IP的NETBIOS网际互联。
在Windows NT中SMB基于NBT实现。而在Windows2000中，SMB除了基于NBT的实现，还有直接通过445端口实现。
当Win2000（允许NBT)作为client来连接SMB服务器时，它会同时尝试连接139和445端口，如果445端口有响应，那么就发送RST包给139端口断开连接，以455端口通讯来继续.当445端口无响应时，才使用139端口。
当Win2000（禁止NBT)作为client来连接SMB服务器时，那么它只会尝试连接445端口，如果无响应，那么连接失败。（注意可能对方是NT4.0服务器。）
如果win2000服务器允许NBT, 那么UDP端口137, 138, TCP 端口 139, 445将开放。
如果 NBT 被禁止, 那么只有445端口开放。
.
2、SMB协议
SMB是的Server Message Block简写，这个协议用于共享文件，共享打印机，共享串口等用途。我们之所以能够在windows的网络邻居下访问一个域内的其他机器，就是通过这个协议实现的。
    SMB协议是一个很重要的协议，目前绝大多数的PC上都在运行这一协议，windows系统都充当着SMB协议的客户端和服务器，所以SMB是一个遵循客户机服务器模式的协议。SMB服务器负责通过网络提供可用的共享资源给SMB客户机，服务器和客户机之间通过TCP/IP协议、或者IPX协议、或者是NetBEUI进行连接。一旦服务器和客户机之间建立了一个连接，客户机就可以通过向服务器发送命令完成共享操作，比如读，写，检索等。
消息格式:SMB Message分为三个部分
SMB Header, //头部     4byte
SMB Command Header//命令头部    32byte
the Data Block. //数据部分

==================================================================

SMB 头部
数据结构：
typedef unsigned char UCHAR;          // 8 unsigned bits
typedef unsigned short USHORT;        // 16 unsigned bits
typedef unsigned long ULONG;          // 32 unsigned bits
 
typedef struct {
    ULONG LowPart;
    LONG HighPart;
} LARGE_INTEGER;                      // 64 bits of data
 
typedef struct  {
    UCHAR Protocol[4];                // Contains 0xFF,'SMB'
    UCHAR Command;                    // Command code
    union {
        struct {
            UCHAR ErrorClass;         // Error class
            UCHAR Reserved;           // Reserved for future use
            USHORT Error;             // Error code
        } DosError;
        ULONG Status;                 // 32-bit error code
    } Status;
    UCHAR Flags;                      // Flags
    USHORT Flags2;                    // More flags
    union {
        USHORT Pad[6];                // Ensure section is 12 by
        struct {
            USHORT PidHigh;          // High Part of PID
            UCHAR SecuritySignature[8];   // reserved for MAC
       } Extra;
    };
    USHORT Tid;                       // Tree identifier
    USHORT Pid;                       // Caller’s process ID, opaque for
client use
    USHORT Uid;                       // User id
    USHORT Mid;                       // multiplex id
    UCHAR  WordCount;                 // Count of parameter words
} SMB_HEADER;
说明：
1、Tid
Tid represents an instance of an authenticated connection to a server resource.  The server
returns Tid to the client when the client successfully connects to a resource, and the client uses Tid in subsequent requests referring to the resource.
2、Pid Pid is the caller's process id, and is generated by the client to uniquely identify a process within the client computer.
3、Uid Field
Uid is a reference number assigned by the server after a user authenticates to it, and that it will associate with that user until the client requests the association be broken. After authentication to the server, the client SHOULD make sure that the Uid is not used for a different user that the onethat authenticated. (It is permitted for a single user to have more than one Uid.) Requests that do authorization, such as open requests, will perform access checks using the identity associated with the Uid.
4、 Mid Field
The multiplex ID (Mid) is used along with the Pid to allow multiplexing the single client and server connection among the client's multiple processes, threads, and requests per thread. Clients may have many outstanding requests (up to the negotiated number, MaxMpxCount) at one time. Servers MAY respond to requests in any order, but a response message MUST always contain the same Mid and Pid values as the corresponding request message. The client MUST NOT have multiple outstanding requests to a server with the same Mid and Pid.
5、command code
（1）SMB_COM_NEGOTIATE           0x72
 Client Command             Server Response
 ========================== =========================================
 SMB_COM_NEGOTIATE          Must be the first message sent by client                 
                            to the server.  Includes a list of SMB
                            dialects supported by the client.  Server
                            response indicates which SMB dialect
                            should be used.
（2）SMB_COM_SESSION_SETUP_ANDX  0x73
SMB_COM_SESSION_SETUP_ANDX  Transmits the user's name and credentials        
                            to the server for verification.
                            Successful server response has Uid field
                            set in SMB header used for subsequent
                            SMBs on behalf of this user.
（3）SMB_COM_NT_CREATE_ANDX   0xa2
 Client Command             Server Response
 ========================== =========================================
SMB_COM_NT_CREATE_ANDX     An SMB_COM_NT_CREATE_ANDX request is sent
                           by a client to open a file or device on the server.
（4）SMB_COM_READ_AndX                0x2e
SMB_COM_READ_AndX              
An SMB_COM_READ_ANDX request is sent by a client to read from a file or named pipe on a server
（5） SMB_COM_WRITE_AndX                0x2f
SMB_COM_WRITE_AndX              
An SMB_COM_WRITE_AndX request is sent by a client to write from a file or named pipe on a server