ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: [Ethereal-dev] SMB NetServerEnum2 RAP response incorrect bytes

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Aaron Carlson" <syplex@xxxxxxx>
Date: Tue, 6 Jul 2004 06:22:55 +0200 (MEST)
Ethereal (v 0.10.3 and 0.10.4) is highlighting the incorrect bytes for the
'Server Type' field within the Server_Info_1 structures in the
NetServerEnum2 RAP response.  I just checked and it is also highlighting
incorrect bytes for browser protocol decodes (host/master announcements).

In the "Packet Details" pane the 'Server Type' field shows the correct
values, but in the "Packet Bytes" pane the bytes for the 'Server Comment'
field are highlighted.  The 'Server Comment' field is a pointer, and the
actual 4-byte pointer value is highlighted, not the string it points to).

For reference I have included the structure definitions.  From
draft-leach-cifs-browser-spec-00.txt AND draft-leach-cifs-rap-spec-00.txt:

  struct SERVER_INFO_1 {
      char            sv1_name[16];
      char            sv1_version_major;
      char            sv1_version_minor;
      unsigned long   sv1_type;
      char           *sv1_comment_or_master_browser;
  };

...and from Implementing CIFS:

  struct {
      uchar  Name[16];    /* Provider name */
      uchar  OSMajorVers; /* Provider OS Rev */
      uchar  OSMinorVers; /* Provider OS Point */
      ulong  ServerType;  /* See below */
      uchar *Comment;     /* Pointer */
  } ServerInfo_1;


-Aaron

-- 
"Sie haben neue Mails!" - Die GMX Toolbar informiert Sie beim Surfen!
Jetzt aktivieren unter http://www.gmx.net/info
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube