Wireshark · Wireshark-dev: Re: [Wireshark-dev] Parsing SMB Packet

Wireshark-dev: Re: [Wireshark-dev] Parsing SMB Packet

Date: Wed, 24 Dec 2008 09:15:46 +0800

Hi,

It seems that the 'response' from your device is not correct. The 'Request/Response' of 'Flags' is alwasy '0' in SMB headers (which means an SMB request).
For example, packet 5 is a Negotiate Request from 10.255.10.4.103 to 10.255.105.150, however packet 8 is also a Negotiate Request in the reversed direction.

It seems to me that packet 8 should be a response, therefore the 'Request/Response' bit of 'Flags' should be '1'.

BTW, I use version 1.0.4 (revision 26501) to view the traffic and found no 'continuation data'. A difference behavior between these two versions?

On Wed, Dec 24, 2008 at 2:51 AM, Mahendran <shmahendran@xxxxxxxxx> wrote:

Hi,

I am using Wire Shark 1.0.5.

I am trying to capture the SMB packets using Wire Shark. It parses the SMB Request correctly but unable to parse the SBM Response that is sent from our device. The content are shown under "Continuation Data". If it parses properly that will help me in analyzing the packets. Could you please help me?

I have attached the capture for your analysis. Look at the packet no 47, 51 and 55.

Best Regards,
Mahendran
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-dev] Parsing SMB Packet
  - From: Mahendran

Prev by Date: [Wireshark-dev] LTE MAC
Next by Date: Re: [Wireshark-dev] LTE MAC
Previous by thread: [Wireshark-dev] Parsing SMB Packet
Next by thread: Re: [Wireshark-dev] Parsing SMB Packet
Index(es):
- Date
- Thread