Wireshark mailing list archives

Wireshark Causing SMB Query


From: Jim Aragon <Jim () agdatasystems com>
Date: Sat, 02 Mar 2013 23:08:07 -0800

Wireshark used to be completely passive, as long as network name resolution was turned off. Last week I was using Wireshark PortableApps version 1.8.5 at work on a Windows XP computer, and I noticed that every time I started capturing, my PC sent an SMB query for a file or directory called ".wireshark" in my home directory, which is on a NetApp filer. The .wireshark file does not exist, so the NetApp filer returned STATUS_OBJECT_NAME_NOT_FOUND. The query and response were repeated four times over a period of 20 ms. However, Wireshark did not display any error dialog and capturing functioned normally. This happened every time I started or re-started live capturing, not just when Wireshark was first launched.

Does anyone know why Wireshark is now looking for this file and what is supposed to be in it? A trace file showing the SMB queries and responses is at https://www.cloudshark.org/captures/a3d0e503cdad

I'd really like to go back to Wireshark being passive and not causing any network traffic to be sent.

Jim
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users