Wireshark · Smb2-protocol: [Smb2-protocol] Re: a first look at SMB2

Smb2-protocol: [Smb2-protocol] Re: a first look at SMB2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Fri, 25 Nov 2005 06:37:09 +0000

On 11/25/05, tridge@xxxxxxxxx >  - immediately after the oplocks flags
in smb2_create comes the 32 bit
>    impersonation field (same meaning as in ntcreatex).

ethereal and wiki  updated.

>
>  - immediately after the max_response_size in the SMB2 trans request
>    comes a set of flags. I've marked it as 64bit, but only the first
>    bit seems to matter. It needs to be 1 for dce/rpc. Getting it wrong
>    gives STATUS_NOT_SUPPORTED.

Ok.   However, all transactions i have have this bit set in the request.
This includes all the dcerpc transactions and also all the non-dcerpc
transactions.
If it is a flag it is in that case required for all transactions dcerpc or not.


See my other mail    where i think that it is the four bytes priuor ot
the FID that identifies if it is dcercp or something else.




>
>  - in smb2_trans request, it seems to take both an 'in' and an 'out'
>    buffer. The server seems to ignore whats in the 'in' buffer. This
>    seems to be symmetric with the smb2_trans response.

ethereal and wiki updated.

References:
- [Smb2-protocol] a first look at SMB2
  - From: tridge
- Re: [Smb2-protocol] a first look at SMB2
  - From: Stefan (metze) Metzmacher
- Re: [Smb2-protocol] a first look at SMB2
  - From: Stefan (metze) Metzmacher
- [Smb2-protocol] Re: a first look at SMB2
  - From: ronnie sahlberg
- Re: [Smb2-protocol] Re: a first look at SMB2
  - From: tridge

Prev by Date: Re: [Smb2-protocol] Re: a first look at SMB2
Next by Date: [Smb2-protocol] smb2 update
Previous by thread: Re: [Smb2-protocol] Re: a first look at SMB2
Next by thread: [Smb2-protocol] SMB2 Transaction updates in ehtereal
Index(es):
- Date
- Thread