Ethereal-dev: Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Tim Potter <tpot@xxxxxxxxxxx>
Date: Sun, 22 Jul 2001 17:46:39 +1000 (EST)

Todd Sabin writes:

> Guy Harris <guy@xxxxxxxxxx> writes:
> > Using the file/pipe number would probably work as a short-term solution,
> > as long as you don't run DCE RPC over both port 138 and port 139 SMB
> > (or, if you do, they get different file/pipe numbers).

[...]

> Anyway, I'm going to try the TCP port plus file id for now.  Would
> love to hear from SMB gurus if that sounds like a reasonable approx.

I had most of a patch to do this.  You need to take the uid from
the sesssetupX packet, the tid from the tconX, and the fid from
the ntcreateX packet.  This information, plus the existing
guint32 conversation id gives you a unique tuple that you can
match to a pipe name.

I ended up getting annoyed at not having a DCE/RPC idl compiler
that could generate a custom back end (i.e. an ethereal dissector)
so ethereal could become a better netmon.


Tim.
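
The lookup described in the message above, as an added example that is not taken from the patch mentioned there or from Ethereal's source: a table keyed on (conversation id, uid, tid, fid) that maps to a pipe name. All names (`pipe_key`, `pipe_open`, `pipe_lookup`, `pipe_close`) and the fixed-size table are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key: conversation id plus the three SMB ids from the message. */
struct pipe_key { uint32_t conv; uint16_t uid, tid, fid; };
struct pipe_entry { struct pipe_key key; char name[64]; int used; };

#define MAX_PIPES 64
static struct pipe_entry pipes[MAX_PIPES];

static struct pipe_entry *pipe_find(struct pipe_key k) {
    for (size_t i = 0; i < MAX_PIPES; i++) {
        const struct pipe_key *e = &pipes[i].key;
        if (pipes[i].used && e->conv == k.conv && e->uid == k.uid &&
            e->tid == k.tid && e->fid == k.fid)
            return &pipes[i];
    }
    return NULL;
}

/* Open response seen: bind the tuple to the pipe name. Returns -1 if full. */
int pipe_open(struct pipe_key k, const char *name) {
    struct pipe_entry *slot = pipe_find(k);
    for (size_t i = 0; !slot && i < MAX_PIPES; i++)
        if (!pipes[i].used) slot = &pipes[i];
    if (!slot) return -1;
    slot->key = k;
    slot->used = 1;
    strncpy(slot->name, name, sizeof slot->name - 1);
    slot->name[sizeof slot->name - 1] = '\0';
    return 0;
}

/* Later request on the fid: which pipe is it? NULL if the tuple is unknown. */
const char *pipe_lookup(struct pipe_key k) {
    struct pipe_entry *e = pipe_find(k);
    return e ? e->name : NULL;
}

/* Close seen: drop the entry, since servers reuse fid values after a close. */
void pipe_close(struct pipe_key k) {
    struct pipe_entry *e = pipe_find(k);
    if (e) e->used = 0;
}

int main(void) {
    struct pipe_key k = { 1, 0x0800, 0x0801, 0x4000 };  /* constructed values */
    pipe_open(k, "\\lsarpc");
    printf("%s\n", pipe_lookup(k));
    pipe_close(k);
    return pipe_lookup(k) == NULL ? 0 : 1;
}
```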