Scan to SMB

Re: Scan to SMB


I thought about that possibility but I thought it sounded unlikely. I'll check it out when I go back. Thanks.

Re: Scan to SMB

I will second that, I have run into this situation on a few occasions.

Re: Scan to SMB

I have seen it also, years ago with Windows 95 and 98. The PC manufacturer had a default name that was 2 digits longer than what the OS accepted. Customer had ordered 6 computers from the same supplier.

Re: Scan to SMB

Let's think about this for a minute because something isn't adding up on the scenario with 2 PC's having the same hostname.

The job of DNS is to resolve the hostname to an IP address. Thus if 2 PC's have the same hostname but have 2 different IP addresses, the SMB scan will only go to the computer with the intended IP address. My scan is going to 2 different scan folders on 2 different PC's.

No?


PS - If the PC's have the same IP address, I could see that causing the problem.

I could be wrong.

Re: Scan to SMB

On 2nd thoughts, I suppose if 2 PC's have the same hostname that it could cause 2 DNS entries for the one hostname. This is confusing.

Re: Scan to SMB

I think I'm gonna lab up this scenario and see what happens.

Re: Scan to SMB

Okay, I have 2 computers and 1 Kyocera copier as part of this physical lab. I changed the hostname of PC 2 to the same name as PC 1 and a warning popped up telling me that this was a duplicate hostname but it let me change it anyway.

I then went to my SOHO router and there are 2 entries for the same hostname but with 2 different IP addresses. I scanned a doc. and it did not go to both PCs.

However, at my customer's office I have the same username and password on both PC's and the scan folder is named "scan" on both PC's. Without these being the same on both PC's, it's never gonna scan to both PC's. I'll have to change this also I suppose.

Re: Scan to SMB

The thing that you need to consider is what happens at the Session layer, because it would say this is not possible.

Maybe older NetBIOS (SMB:Port 139) could break this way being hostname reliant, but (SMB:Port 445) uses DNS to resolve to IP address for a singular session. Session encryption and connection keys are specific to the computer you connect to and not valid for connection to a different PC share.

You may not even know which SMB port is being used if you have NetBIOS enabled on each end (MFP->PC) It should be disabled as very insecure and inefficient.

OK time to learn....install Wireshark on the PC you are scanning to and fire that thing up to capture on the network interface you are using (hardline or wi-fi). If you get that far we can talk about how to sort and read it.
Start capture->MFP Send->Stop capture when file appears on PC

Wireshark will show you:
1) The DNS query and response, identifying the DNS source and IP address responses to the hostname query (if Port 445) ***Correction: This is only seen capturing at the MFP***
2) MAC address of computer you connect to **Same as above perspective from MFP, local MAC is known
3) The Port used for SMB
4) The UNC sharename (\\Computer\Share) accessed
5) The filename created
6) A 1-1 relationship per session (SMB multi-channel may use many NIC's but still 1-1)

I believe something else is at play with respect to file naming or Windows folder sync in the share. You are seeing 2 different files with the same name, or the same folder location from 2 different computers.


TIMESTAMP YOUR FILENAME!

Re: Scan to SMB

Does Kyocera allow you to setup groups for scanning like Ricoh does? Create the group, create the individual destinations, add the destinations to the group, select the group when scanning.

Re: Scan to SMB

Re: Scan to SMB


That's some good stuff. I think you're spot on that each transfer is it's own session and thus an impossibility to scan to 2 different shared folders on different PC's at the same time.

Nevertheless, the document appeared on 2 different PC's and it was timestamped. It's possible that it was the same folder location from 2 different computers. I failed to think about that. I will be sure to check.

Instead of talking out of school, I need to read up on the information that you posted and get back with you. I'm not opposed to doing SMB capture on Wireshark. I've done it before and I've gotten comfortable with WireShark.

Thanks for your help.

Re: Scan to SMB

Did you rule out a mapped folder?

Re: Scan to SMB

Good deal with Wireshark, I need to correct my post in that capturing from the shared folder PC will not show you the MFP's outgoing DNS query. For that you need a capture device (Tap or Port Mirror) at the MFP and a laptop.


Don't forget to turn off NetBIOS so it will force Port 445 in SMB communication.

BTW DNS has no effect in SMB port 139 communication.

Re: Scan to SMB


About a year ago, I ran across a video on doing a SMB capture on Wireshark. This video is over an hour long and it will test your patience but is full of great information. It's been so long since i watched the video that I had forgotten a lot of it.


I vividly remember doing a SMB capture on Wireshark because one of the first things that happens is a negotiation of SMB versions (SMB1. SMB2, SMB3). This is Microsoft's solution to backwards compatibility. SMB negotiates it's way down, starting with SMB3.

Anyway, evidently PrintWhisperer has been doing this for a long time or he just enjoys learning this stuff because he gave a brief history of SMB and he was spot on.

I'm gonna finish watching the video and then I'll do a SMB capture on WireShark.

SMB is one of those protocols that we all need to be an expert on, IMHO.


PS - Here's the video:

Re: Scan to SMB

Very similar to when in the day of dial up internet did training to find out the best connection speed starting with fastest speed of the modems. Fax machines still do training to determine the fastest transmission speed.