Ethereal-users: [Ethereal-users] SMB NTLMSSP Flags - help required

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: jono <jono29@xxxxxxxxx>
Date: Fri, 14 Oct 2005 13:35:16 +0100
Can someone assist me in a packet analysis of an smb capture. The
issue relates to a dfs flag  been set to zero, when the share being
accessed is a dce_dfs share in a server cluster. I am accessing the
share using ntlmssp and understand very little about the extended
security involved. Therefore I am getting alot of SMB authorisation
failures. Is it possible for me to somehow set the dfs flag in the
setup session and request capabilities to allow for dfs. Or am I
completely on the wrong track.
the following is a extract from the packet showing the capabilities:
Session Setup AndX Request (0x73)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 208
        Max Buffer: 16644
        Max Mpx Count: 50
        VC Number: 1
        Session Key: 0x00000000
        Security Blob Length: 47
        Reserved: 00000000
        Capabilities: 0xa00000d4
            .... .... .... .... .... .... .... ...0 = Raw Mode: Read
Raw and Write Raw are not supported
            .... .... .... .... .... .... .... ..0. = MPX Mode: Read
Mpx and Write Mpx are not supported
            .... .... .... .... .... .... .... .1.. = Unicode: Unicode
strings are supported
            .... .... .... .... .... .... .... 0... = Large Files:
Large files are not supported
            .... .... .... .... .... .... ...1 .... = NT SMBs: NT SMBs
are supported
            .... .... .... .... .... .... ..0. .... = RPC Remote APIs:
RPC remote APIs are not supported
            .... .... .... .... .... .... .1.. .... = NT Status Codes:
NT status codes are supported
            .... .... .... .... .... .... 1... .... = Level 2 Oplocks:
Level 2 oplocks are supported
            .... .... .... .... .... ...0 .... .... = Lock and Read:
Lock and Read is not supported
            .... .... .... .... .... ..0. .... .... = NT Find: NT Find
is not supported
            .... .... .... .... ...0 .... .... .... = Dfs: Dfs is not supported
            .... .... .... .... ..0. .... .... .... = Infolevel
Passthru: NT information level request passthrough is not supported
            .... .... .... .... .0.. .... .... .... = Large ReadX:
Large Read andX is not supported
            .... .... .... .... 0... .... .... .... = Large WriteX:
Large Write andX is not supported
            .... .... 0... .... .... .... .... .... = UNIX: UNIX
extensions are not supported
            .... ..0. .... .... .... .... .... .... = Reserved: Reserved
            ..1. .... .... .... .... .... .... .... = Bulk Transfer:
Bulk Read and Bulk Write are supported
            .0.. .... .... .... .... .... .... .... = Compressed Data:
Compressed data transfer is not supported
            1... .... .... .... .... .... .... .... = Extended
Security: Extended security exchanges are supported
        Byte Count (BCC): 149

Can someone help with this very confusing issue?