Wireshark · Ethereal-dev: Re: [Ethereal-dev] SMBpatch for read/write and x

Ethereal-dev: Re: [Ethereal-dev] SMBpatch for read/write and x

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Pia Sahlberg" <piabar@xxxxxxxxxxx>

Date: Wed, 28 Nov 2001 12:51:59 +0000

Hi Tim, Hi list

In what way does it not work?
add_fid() should show the smb.fid field in the tree for anyone
calling it, including when called for TransactNmPipe.

I assume you can actually see the smb.fid thingy in the tree but thatdisplay filters fails to see it?

If that is the case, then I have seen it before (for example for nfsfilehandles, which are also displayed by NLM and Mount dissectors):

smb_fid  is declared in the SMB protocol dissector and tied to proto_smb.

If you would call add_fid() form somewhere else, outside of the dissectorfor proto_smb, as in say proto_pipe or whatever the smb-pipe

dissector is called, then the displayfilter thingy will not find
smb.fid.

I assume this is some optimization, if dissecting in the tree under theprotocol branch: proto_pipe, then ONLY check hf_index entries

registred for proto_pipe and ignore anything else.

I failed to find how to change this behaviour when I looked at it some timeago.


Try this:
Perhaps it would work to add hf_index to the add_fid() parameters

and passing hf_smb_fid as a parameter to it everytime it is called frompacket-smb.c.

Then create an identical hf entry inside packet-smb-pipe.c but call it
hf_pipe_fid (let the filter string remain smb.fid) and pass
hf_pipe_fid as a parameter when called from packet-smb-pipe.c
It might work?

From: Tim Potter To: Pia Sahlberg CC: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] SMBpatch for read/write and x
Date: Wed, 28 Nov 2001 23:30:58 +1100

On Wed, Nov 28, 2001 at 11:20:11AM +0000, Pia Sahlberg wrote:

> Attached is a tiny patch which tracks FID values between  requests
> and responses for ReadAndX and WriteAndX.
>
> This is needed later by the MSRPC reassembly.

I've just compiled up the latest CVS with new shinier fid tracking
and it doesn't seem to work for the TransactNmPipe packets.  This
is despite the add_fid() function being called at the appropriate
place.  )-:

Tim.



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

Follow-Ups:
- Re: [Ethereal-dev] SMBpatch for read/write and x
  - From: Tim Potter

Prev by Date: [Ethereal-dev] can_desegment and smb transaction patch
Next by Date: Re: [Ethereal-dev] Re: LDP multi-PDUs in one TCP segement support
Previous by thread: Re: [Ethereal-dev] SMBpatch for read/write and x
Next by thread: Re: [Ethereal-dev] SMBpatch for read/write and x
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$