Ethereal-users: Re: [Ethereal-users] (no subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Eugene Korolev" <korolev@xxxxxxxxxxx>
Date: Fri, 30 Aug 2002 11:47:14 +0400
Hi, Martin Visser!

        Thank you very much for your reply. But I develop my own application
with NetBIOS low-level packets. I use Ethereal as a tool to analyze
captured packets. My question is not about using Ethereal as a user. I want to
know technical details about how Ethereal detects that NetBIOS Session Message
packets are unreassembled?

Eugene Korolev.

----- Original Message -----
From: "Visser, Martin (Sydney)" <Martin.Visser@xxxxxx>
To: "Eugene Korolev" <korolev@xxxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, August 30, 2002 10:13 AM
Subject: RE: [Ethereal-users] (no subject)



A quick way is to use the Display Filter to only display the packets you
are interested in. Then choose Protocol Hierarchy Statistics from the
Tools menu. It will total up all the packets in the display under the
Frame category.



Martin Visser
Network Consultant - Global Services
COMPAQ, part of the new HP

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670    Mobile: +61-411-254-513
Fax: +61-2-9022-1800      E-mail: martin.visserAThp.com




-----Original Message-----
From: Eugene Korolev [mailto:korolev@xxxxxxxxxxx]
Sent: Friday, 30 August 2002 3:01 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] (no subject)


Hi, All!

        I write an application that uses low-level NetBIOS packets. When
I send NetBIOS Session Message Packet Request (NBS request), I receive
NetBIOS Session Message Packet Response (NBS response). The NBS response
consists of several parts (the first response packet + NBS Continual
Message Packets). It seems that Ethereal detects all NBS packets
correctly. What is a method to detect the total amount of NBS Continual
Message Packets or the total size (in bytes) of these packets?

NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    Length: 2920
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 20
        Time from request: 0.452407000 seconds
        SMB Command: Transaction (0x25)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x98
        Flags2: 0x0003
        Reserved: 000000000000000000000000
        Tree ID: 36866
        Process ID: 1300
        User ID: 61441
        Multiplex ID: 0
    Transaction Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 12
        Total Data Count: 6560
        Reserved: 0000
        Parameter Count: 12
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 2852
        Data Offset: 68
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 2865
        Padding: 00
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
    Function Code: NetUserEnum2 (131)
    Status: Success (0)
    Convert: 58944
    Doubleword Param: 724647 (0x000B0EA7)
    Entry Count: 83
    Word Param: 83 (0x0053)
    Entries
.....................
[Unreassembled Packet: LANMAN]

 Eugene Korolev.
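
Added example (not part of the thread and not Ethereal's own code): one way to count the continuation segments and bytes of each NetBIOS Session Service message from its 4-byte RFC 1002 header. The names `NbssMessage` and `track_messages` are hypothetical, the 1460-byte segment size is an assumption, and the sample data is constructed around the "Length: 2920" value in the dump above.

```python
import struct
from dataclasses import dataclass

NBSS_HEADER_LEN = 4  # type (1 byte), flags (1 byte), length (2 bytes), per RFC 1002


@dataclass
class NbssMessage:  # hypothetical record type for this example
    msg_type: int
    length: int                      # payload bytes declared by the header
    received: int = 0                # payload bytes seen so far
    continuation_segments: int = 0   # TCP segments that began mid-message
    continuation_bytes: int = 0      # payload bytes carried by those segments


def parse_nbss_header(hdr):
    """Return (type, length); the low flag bit extends the length to 17 bits."""
    if len(hdr) < NBSS_HEADER_LEN:
        raise ValueError("truncated NBSS header")
    msg_type, flags, low16 = struct.unpack("!BBH", hdr[:NBSS_HEADER_LEN])
    return msg_type, ((flags & 0x01) << 16) | low16


def track_messages(segments):
    """Account for each message over in-order TCP payloads of one direction."""
    messages, header = [], b""
    for seg in segments:
        pos = 0
        while pos < len(seg):
            cur = messages[-1] if messages else None
            if cur is not None and cur.received < cur.length:
                take = min(cur.length - cur.received, len(seg) - pos)
                cur.received += take
                if pos == 0:  # segment opened inside a message: a continuation
                    cur.continuation_segments += 1
                    cur.continuation_bytes += take
                pos += take
            else:  # at a message boundary: collect the next header
                chunk = seg[pos:pos + NBSS_HEADER_LEN - len(header)]
                header += chunk
                pos += len(chunk)
                if len(header) == NBSS_HEADER_LEN:
                    messages.append(NbssMessage(*parse_nbss_header(header)))
                    header = b""
    return messages


def constructed_capture():
    """Constructed data: one session message, Length 2920, cut every 1460 bytes."""
    stream = struct.pack("!BBH", 0x00, 0x00, 2920) + bytes(2920)
    return [stream[i:i + 1460] for i in range(0, len(stream), 1460)]
```

A message whose `received` is still below `length` when the capture ends is incomplete at the session layer, which is independent of the SMB-level split shown by Data Count 2852 against Total Data Count 6560.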
