ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Smb2-protocol: Re: [Smb2-protocol] more flags...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Wed, 8 Feb 2006 11:45:07 +1100
I think those two bytes are just uninitialized data.

In several captures I have I see completely different pattern,  sometimes the Request contains the same value for several calls, then they use other values.

Some sequences i have the requests having
6F00   and the responses  0100
other sequences in the same capture are
7E00 and the response are 0100

Other sequences the responses start going 0100 0200 0300 0400   then jumping back to 0100 for the rest of the trace.




On 2/7/06, Stefan (metze) Metzmacher <metze@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi *,

I just noticed that the 2 bytes between opcode and flags,
are also some kind of flags,

it's 0x0030 for requests and 0x0001 for normal replies
(in samba4 both are 0x0000)

it's also 0x0000 in a response with STATUS_CANCELLED

metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD6HrRm70gjA5TCD8RArVQAJ9iEK6VKxLAP0yrngQPuR3jWkxUwQCbBSC8
AiX9obapf6us9q9eu12KU8U=
=EAWT
-----END PGP SIGNATURE-----

_______________________________________________
Smb2-protocol mailing list
Smb2-protocol@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/smb2-protocol

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube