
Ethereal-users: Re: [Ethereal-users] (no subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Eugene Korolev" <korolev@xxxxxxxxxxx>
Date: Fri, 30 Aug 2002 15:25:14 +0400
My application reads Netbios header and builds a full netbios packet from
fragmented parts. However NBSS Continual packet is not included into the
Netbios Session Messages packet. I attached a file dump for ethereal to the
email. Please see frames 22,23,24. Netbios packet at the 22nd frame consists
of the single part according to the length indicated in its header, but it
seems that following packets 23,24 contain additional data for the 22nd
frame.

----- Original Message -----
From: "Guy Harris" <gharris@xxxxxxxxx>
To: "Eugene Korolev" <korolev@xxxxxxxxxxx>
Cc: "ethereal users" <ethereal-users@xxxxxxxxxxxx>; "Visser, Martin
(Sydney)" <Martin.Visser@xxxxxx>
Sent: Friday, August 30, 2002 2:26 PM
Subject: Re: [Ethereal-users] (no subject)


> On Fri, Aug 30, 2002 at 02:25:46AM -0700, Guy Harris wrote:
> > (I.e., there's no code specific to the NetBIOS dissector to detect
> > that.)
>
> ...except that the "NetBIOS" dissector, in the sense of the NetBIOS
> frame protocol dissector, isn't what's being used here; this
> is NetBIOS-over-TCP.
>
> The answer is similar in this case, except that 3) is
>
> 3) not having TCP desegmentation enabled.
>
> If you enable TCP desegmentation by selecting the "Preferences" item
> from the "Edit" menu, opening the "Protocols" item on the left-hand side
> of the dialog box, selecting "TCP", turning on "Allow subdissector to
> desegment TCP streams", and clicking "OK", the session message packets
> should be reassembled for you by Ethereal.
>
> If you want to do that in *your* application, you need to write code to
> read the NetBIOS-over-TCP session service header (and don't assume that
> you will get all of the data in the header in one read call; TCP doesn't
> guarantee that), extract the message length from the header, and then
> read that many bytes (again, don't assume you'll get all that data in
> one read call).


Attachment: test
Description: Binary data
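
The read loop described in the quoted reply, as an added example (not code from this thread or from Ethereal). The names `SegmentedStream`, `read_exact`, `read_nbss_message` and `demo` are hypothetical; the 4-byte header layout (type, flags, 16-bit length, with the low flag bit as a 17th length bit) is taken from RFC 1002, and the sample message is constructed, not the attached capture.

```python
import struct

NBSS_HEADER_LEN = 4  # type (1), flags (1), length (2), assumed per RFC 1002

class SegmentedStream:
    """Constructed stand-in for a TCP socket: replays fixed segments, and
    recv() never returns data from more than one segment per call."""
    def __init__(self, segments):
        self.segments = [bytes(s) for s in segments if s]

    def recv(self, n):
        if not self.segments:
            return b""                        # peer closed the connection
        head = self.segments[0]
        data, rest = head[:n], head[n:]
        if rest:
            self.segments[0] = rest
        else:
            self.segments.pop(0)
        return data

def read_exact(sock, n):
    """Call recv() until exactly n bytes have arrived; one call may return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError(f"stream ended after {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)

def read_nbss_message(sock):
    """Return (type, payload) for one NetBIOS-over-TCP session service message."""
    header = read_exact(sock, NBSS_HEADER_LEN)   # the header itself may be split
    msg_type, flags, length = struct.unpack("!BBH", header)
    if flags & 0xFE:
        # Assumption: nonzero reserved bits mean we lost framing, so stop.
        raise ValueError("reserved NBSS flag bits set")
    length |= (flags & 0x01) << 16               # E bit: 17-bit length, max 131071
    return msg_type, read_exact(sock, length)

def demo():
    # Constructed sample: one session message (type 0x00) whose 3000-byte payload
    # spans three segments, with the header split after its second byte.
    payload = bytes(i % 251 for i in range(3000))
    message = struct.pack("!BBH", 0x00, 0, len(payload)) + payload
    stream = SegmentedStream([message[:2], message[2:1462], message[1462:]])
    return read_nbss_message(stream)
```

A real `socket.socket` can be passed in place of `SegmentedStream`, since only `recv()` is used.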