NetApp Knowledge Base

Why does “vserver cifs session show” show sessions with long-running idle time?

Category: ontap-9
Specialty: cifs

Applies to

  • ONTAP 9
  • Clustered Data ONTAP

Question

Why does “vserver cifs session show” show sessions with long-running idle time?

Answer

  • If the client has the IPC$ share AND one or more other shares open on the same session, the session will not idle out. 'cifs session show' prints both a connection ID and a session ID for each session.
    • When a CIFS client sets up a TCP connection to the vserver, that connection corresponds to a specific connection ID on the vserver side.
    • The client then performs a session setup to authenticate itself, and a new session with a session ID is created.
    • The client may choose to set up another session on the same connection. This is common, and it combines multiple CIFS sessions on top of a single connection.
    • A client may use a single session to open multiple shares, and this commonly includes the IPC$ share.
    • If the IPC$ share is the only share open, the session will time out after 15 minutes, assuming the session is idle.

Additional Information

Lab Example:
Munich::*> date;vserver cifs session show -node Munich-01 -vserver cifstomo -fields node,connected-time,shares,idle-time
Node      Date                    Time zone
--------- ------------------------ -------------------------
Munich-01 Mon Aug 15 18:55:30 2016 Japan
Munich-02 Mon Aug 15 18:55:30 2016 Japan
2 entries were displayed.
node      vserver  session-id connection-id shares connected-time idle-time
--------- -------- ---------- ------------- ------ -------------- ---------
Munich-01 cifstomo 1          2742712655    2      "26m 51s"      "26m 32s"
 
In this particular test, the open shares were IPC$ and “test”, each corresponding to a different tree ID as seen in a packet trace. Because the IPC$ share and 1 additional share are open, this session will not time out.
 
Once the client disconnected from the share “test”, the number of connected shares dropped to 1 (IPC$):
Munich::*> date;vserver cifs session show -node Munich-01 -vserver cifstomo -fields node,connected-time,shares,idle-time
Node      Date                    Time zone
--------- ------------------------ -------------------------
Munich-01 Mon Aug 15 18:59:23 2016 Japan
Munich-02 Mon Aug 15 18:59:23 2016 Japan
2 entries were displayed.
node      vserver  session-id connection-id shares connected-time idle-time
--------- -------- ---------- ------------- ------ -------------- ---------
Munich-01 cifstomo 1          2742712655    1      "30m 45s"      3s
 
The client can confirm the shares it has open by using the “net use” command:
C:\>net use
New connections will not be remembered.
Status      Local    Remote                    Network
-------------------------------------------------------------------------------
OK                    \\10.128.209.152\IPC$    Microsoft Windows Network
The command completed successfully.

 
About 15 minutes later, the session idles out because the client has only 1 share open (IPC$):
 
Munich::*> date;vserver cifs session show -node Munich-01 -vserver cifstomo -fields node,connected-time,shares,idle-time
Node      Date                    Time zone
--------- ------------------------ -------------------------
Munich-01 Mon Aug 15 19:14:32 2016 Japan
Munich-02 Mon Aug 15 19:14:32 2016 Japan
2 entries were displayed.
There are no entries matching your query.
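
The following Python example is added here and is not NetApp code. It parses “vserver cifs session show -fields ...” output in the layout shown in the lab example and lists sessions idle longer than the 15-minute IPC$-only timeout, together with the share count that the answer above uses to explain them. The function names, the second sample row and the d/h/m/s duration units are assumptions.

```python
import re

IDLE_LIMIT_S = 15 * 60  # idle timeout the article gives for an IPC$-only session
UNIT_S = {"d": 86400, "h": 3600, "m": 60, "s": 1}  # assumed duration units

# Constructed sample: row 1 is copied from the lab example, row 2 is made up.
SAMPLE = '''\
node      vserver  session-id connection-id shares connected-time idle-time
--------- -------- ---------- ------------- ------ -------------- ---------
Munich-01 cifstomo 1          2742712655    2      "26m 51s"      "26m 32s"
Munich-01 cifstomo 2          2742712660    1      "30m 45s"      3s
'''

def to_seconds(text):
    """Convert a duration such as '26m 32s' or '3s' to seconds."""
    parts = re.findall(r"(\d+)([dhms])", text)
    if not parts or "".join(n + u for n, u in parts) != text.replace(" ", ""):
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * UNIT_S[u] for n, u in parts)

def parse_sessions(output):
    """Yield one dict per session row, keyed by the column names in the header."""
    header = None
    for line in output.splitlines():
        fields = [f.strip('"') for f in re.findall(r'"[^"]*"|\S+', line)]
        if fields[:1] == ["node"]:
            header = fields
        elif header and len(fields) == len(header):
            if not fields[0].startswith("-"):  # skip the dashed separator row
                yield dict(zip(header, fields))
        else:
            header = None  # any other line (prompt, summary, blank) ends the table

def long_idle(output, limit=IDLE_LIMIT_S):
    """Return (session-id, shares, idle seconds, note) for sessions idle past limit."""
    hits = []
    for row in parse_sessions(output):
        idle = to_seconds(row["idle-time"])
        if idle > limit:
            shares = int(row["shares"])  # a count only; share names are not shown
            note = ("IPC$ plus another share would explain this" if shares > 1
                    else "one share open: an IPC$-only session should have timed out")
            hits.append((row["session-id"], shares, idle, note))
    return hits

if __name__ == "__main__":
    for hit in long_idle(SAMPLE):
        print(*hit, sep="\t")
```

The “shares” field is only a count, so a flagged single-share session still needs a check of which share is open before concluding anything.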

 
