SMB: Negotiate Protocol Request

Bronkoo · February 14, 2020, 5:09pm

Hi Forum,

I would like to mount a smb share from my

Mikrotik 2011UiAS-2HnD Firmware 6.46.2

I’m aware about:
https://wiki.mikrotik.com/wiki/Manual:IP/SMB

Note: RouterOS only supports SMB v1.0 and v2.002

and got these on my OmniOS Client.:

# mount -F smbfs //user1@mikrotik/share /media/Keys
Password:
mount: //mikrotik: login failed: syserr = Operation not supported

(no more details in log file)

Let’s sniff and have a look at pcap …

OmniOS → Mikrotik

SMB (Server Message Block Protocol)
    SMB Header
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 38
        Requested Dialects
            Dialect: NT LANMAN 1.0
                Buffer Format: Dialect (2)
                Name: NT LANMAN 1.0
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???

Mikrotik → OmniOS

SMB (Server Message Block Protocol)
    SMB Header
    Negotiate Protocol Response (0x72)
        Word Count (WCT): 17
        Selected Index: 1: NT LM 0.12
        Security Mode: 0x03, Mode, Password
            .... ...1 = Mode: USER security mode
            .... ..1. = Password: ENCRYPTED password. Use challenge/response
            .... .0.. = Signatures: Security signatures NOT enabled
            .... 0... = Sig Req: Security signatures NOT required
        Max Mpx Count: 50
        Max VCs: 1
        Max Buffer Size: 65532
        Max Raw Buffer: 65536
        Session Key: 0x2908f430
        Capabilities: 0x00000258, Large Files, NT SMBs, NT Status Codes, NT Find
        System Time: Feb 12, 2020 17:35:00.000000000 CET
        Server Time Zone: 180 min from UTC
        Challenge Length: 8
        Byte Count (BCC): 8
        Challenge: 30facc9bf8148e65

What, NT LM 0.12 was negotiated…?!?

Next packet is a TCP [ACK]

Flags: 0x010 (ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgment: Set
    .... .... 0... = Push: Not set
    .... .... .0.. = Reset: Not set
    .... .... ..0. = Syn: Not set
    .... .... ...0 = Fin: Not set
    [TCP Flags: ·······A····]

and finally a TCP [RST, ACK]

Flags: 0x014 (RST, ACK)
    000. .... .... = Reserved: Not set
    ...0 .... .... = Nonce: Not set
    .... 0... .... = Congestion Window Reduced (CWR): Not set
    .... .0.. .... = ECN-Echo: Not set
    .... ..0. .... = Urgent: Not set
    .... ...1 .... = Acknowledgment: Set
    .... .... 0... = Push: Not set
    .... .... .1.. = Reset: Set
        [Expert Info (Warning/Sequence): Connection reset (RST)]
    .... .... ..0. = Syn: Not set
    .... .... ...0 = Fin: Not set
    [TCP Flags: ·······A·R··]

Can provide whole pcap (8 packets) via PM.

Does anyone has any hints for me?
From my Arch Linux Client mounting works fine.