Wireshark · Smb2-protocol: [Smb2-protocol] infolevel scanner

Smb2-protocol: [Smb2-protocol] infolevel scanner

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Sun, 13 Nov 2005 17:10:39 -0400

In the trace on the wiki for scanning infolevels :


1, packet 43  a create call  has next_offset!=0  but next_len==0
I think you should specify next_offset==0   if there is no extra blob.

2, 578   the test for 0x01 / 0x0a  that seems to indicate there is no
such infolevel

well there is such an infolevel.

I see it in packets 490/493    of the ...8000bytes... capture.

Ok,   here it is used for a SetInfo command.  but the infolevel exists.


==>
either GetInfo/SetInfo support a different set of class/infolevel

or

there is additional stuff in the 16 byte
ehader that controls the data.    infolevel specific stuff.



In this case i think it is just that 0x0a   is ONLY supported by
SetInfo   and not GetInfo  since this is the infolevel used to rename
a file.

Follow-Ups:
- Re: [Smb2-protocol] infolevel scanner
  - From: tridge

Prev by Date: [Smb2-protocol] dcerpc and setinfo
Next by Date: [Smb2-protocol] some infolevels
Previous by thread: [Smb2-protocol] dcerpc and setinfo
Next by thread: Re: [Smb2-protocol] infolevel scanner
Index(es):
- Date
- Thread