Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Smb2-protocol: [Smb2-protocol] Re: a first look at SMB2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Thu, 24 Nov 2005 23:59:21 +0000
etehreal and wiki updated.


did you see packets 570/574
where it is doing non-dcerpc  transactions to a plain file?

out buffer is empty but the server responds with 64 bytes of data.




On 11/24/05, Stefan (metze) Metzmacher <metze@xxxxxxxxx> wrote:
> ronnie sahlberg schrieb:
> > I added some quick code to dissect the payload of 0x0b as DCE/RPC
> >
> >
> > please check it with current svn of ethereal.
> >
> > the 0x0b request in 468 looks just as one might expect.
>
> after the FID this follows:
>
> 4byte data_offset
> 4byte data_length
> 4byte unknown1
> 4byte unknown2 (maybe the length of what the server should repeat from the
> request?)
>
> >
> >
> > look at   frame 469.
> > Lets just say this one was a surprise.
>
> here after the FID this follows:
> 4byte repeated_data_offset
> 4byte repeated_data_length (maybe controlled by unknown2 of the request?)
> 4byte reply_data_offset
> 4byte reply_data_length
>
>
>
> --
> metze
>
> Stefan Metzmacher <metze at samba.org> www.samba.org
>
> _______________________________________________
> Smb2-protocol mailing list
> Smb2-protocol@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/smb2-protocol
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube