Wireshark · Smb2-protocol: [Smb2-protocol] Re: a first look at SMB2

Smb2-protocol: [Smb2-protocol] Re: a first look at SMB2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Mon, 28 Nov 2005 22:40:03 +0000

On 11/25/05, tridge@xxxxxxxxx > We've also implemented all of the
above in libcli/smb2/ except for
> cancel, notify, break and lock.

I then assume you have discovered what the 4 bytes prior to the FID in
Transaction request is?

I belive this is a field that details what kind of transaction is used
and it is only dce/rpc if these four bytes are 17.c0.11.00 .
Can you verify if dcerpc breaks if you use a different value using your client?


Also for Notify I have guessed what most of the fields are.


Please see the Discussion section for SMB2/Transaction and SMB2/Notify
on the wiki where i have put the current guesswork

Follow-Ups:
- [Smb2-protocol] Re: a first look at SMB2
  - From: ronnie sahlberg

References:
- [Smb2-protocol] a first look at SMB2
  - From: tridge
- Re: [Smb2-protocol] a first look at SMB2
  - From: Stefan (metze) Metzmacher
- Re: [Smb2-protocol] a first look at SMB2
  - From: Stefan (metze) Metzmacher
- [Smb2-protocol] Re: a first look at SMB2
  - From: ronnie sahlberg
- [Smb2-protocol] Re: a first look at SMB2
  - From: ronnie sahlberg
- Re: [Smb2-protocol] Re: a first look at SMB2
  - From: Stefan (metze) Metzmacher
- [Smb2-protocol] Re: a first look at SMB2
  - From: ronnie sahlberg
- Re: [Smb2-protocol] Re: a first look at SMB2
  - From: tridge

Prev by Date: [Smb2-protocol] Re: Notify
Next by Date: [Smb2-protocol] Re: a first look at SMB2
Previous by thread: [Smb2-protocol] Re: a first look at SMB2
Next by thread: [Smb2-protocol] Re: a first look at SMB2
Index(es):
- Date
- Thread