Wireshark-users: [Wireshark-users] FIND_FIRST2 not being parsed correctly?
From: Jeremy M <jrmymllr@xxxxxxxxxxx>
Date: Sat, 30 Aug 2008 08:12:06 -0400
I seem to be having problems with Wireshark parsing a FIND_FIRST2
response from Samba. I am using Wireshark 1.0.2 that was downloaded
just a few days ago. The FIND_FIRST2 responses generated by Samba for
requests from my Win2000 computer are parsed just fine by Wireshark.
But, Win2000 uses Unicode and the messages in question use ASCII. The
requests in question are generated by an embedded project I'm working
on, which is asking for ASCII and not Unicode responses. It's very
possible that there are some problems with the request I'm sending to
Samba, but Samba does respond, and I would hope that Samba generates
valid messages. The Samba I'm using is fairly new, within the past
year. I'm not sure of the version, though. Below is the response from
Samba. As can be seen, Wireshark is having issues decoding Level of
Interest, and all of the FIND_FIRST2 data.

No.     Time        Source          Destination     Protocol  Info
     19 2.831074    192.168.0.2     192.168.0.169   SMB       Trans2 Response, FIND_FIRST2, Files:

Frame 19 (250 bytes on wire, 250 bytes captured)
Ethernet II, Src: 00:1c:c0:26:6c:19 (00:1c:c0:26:6c:19), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 192.168.0.2 (192.168.0.2), Dst: 192.168.0.169 (192.168.0.169)
Transmission Control Protocol, Src Port: 445 (445), Dst Port: 1026 (1026), Seq: 228, Ack: 294, Len: 196
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response to: 18]
        [Time from request: 0.018977000 seconds]
        SMB Command: Trans2 (0x32)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x88
        Flags2: 0x0041
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 1
        Process ID: 0
        User ID: 0
        Multiplex ID: 0
    Trans2 Response (0x32)
        Subcommand: FIND_FIRST2 (0x0001)
        [Level of Interest: Unknown (4294967295)]
        Word Count (WCT): 10
        Total Parameter Count: 10
        Total Data Count: 124
        Reserved: 0000
        Parameter Count: 10
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 124
        Data Offset: 68
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 137
        Padding: 00
        FIND_FIRST2 Parameters
            Level of Interest: Unknown (4294967295)
            Search ID: 0xfffd
            Search Count: 7
            End Of Search: 1
            EA Error offset: 0
            Last Name Offset: 104
            Padding: 0000
        FIND_FIRST2 Data
            Unknown Data: 1000000000000000020000002E0000001000000000000000...

0000  00 00 00 00 00 00 00 1c c0 26 6c 19 08 00 45 10   .........&l...E.
0010  00 ec b6 d5 40 00 40 06 01 2b c0 a8 00 02 c0 a8   ....@.@..+......
0020  00 a9 01 bd 04 02 e6 a8 30 ae 00 00 01 40 50 18   ........0....@P.
0030  40 00 1f 40 00 00 00 00 00 c0 ff 53 4d 42 32 00   @..@.......SMB2.
0040  00 00 00 88 41 00 00 00 00 00 00 00 00 00 00 00   ....A...........
0050  00 00 01 00 00 00 00 00 00 00 0a 0a 00 7c 00 00   .............|..
0060  00 0a 00 38 00 00 00 7c 00 44 00 00 00 00 00 89   ...8...|.D......
0070  00 00 fd ff 07 00 01 00 00 00 68 00 00 00 10 00   ..........h.....
0080  00 00 00 00 00 00 02 00 00 00 2e 00 00 00 10 00   ................
0090  00 00 00 00 00 00 03 00 00 00 2e 2e 00 00 14 00   ................
00a0  00 00 00 00 00 00 08 00 00 00 70 72 69 76 61 74   ..........privat
00b0  65 00 10 00 00 00 00 00 00 00 04 00 00 00 74 6d   e.............tm
00c0  70 00 10 00 00 00 00 00 00 00 04 00 00 00 75 73   p.............us
00d0  72 00 14 00 00 00 00 00 00 00 07 00 00 00 70 75   r.............pu
00e0  62 6c 69 63 00 00 14 00 00 00 00 00 00 00 07 00   blic............
00f0  00 00 31 32 2e 6d 70 33 00 00                     ..12.mp3..
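The frame above, decoded by hand down to the FIND_FIRST2 data block. This is an added example, not code from the post, from Wireshark or from Samba. The response carries no information level on the wire (Wireshark takes it from the matching request, frame 18, which the post does not include), so the example assumes the data block is laid out as SMB_FIND_FILE_NAMES_INFO entries (NextEntryOffset, FileIndex, FileNameLength, FileName), a layout that fits the bytes; names are read as ASCII because the Unicode bit (0x8000) in Flags2 is clear. All multi-byte SMB fields are little-endian; the Ethernet/IP/TCP fields are big-endian.

```python
"""Decode the Trans2 FIND_FIRST2 response captured in the post.

Added example, not code from the post, Wireshark or Samba.
Assumption: the data block uses the SMB_FIND_FILE_NAMES_INFO layout
(NextEntryOffset, FileIndex, FileNameLength, FileName). The real
information level is only in the request, which the post omits.
"""
import struct

# The 250-byte frame, transcribed from the hex dump in the post.
FRAME = bytes.fromhex("""
00 00 00 00 00 00 00 1c c0 26 6c 19 08 00 45 10
00 ec b6 d5 40 00 40 06 01 2b c0 a8 00 02 c0 a8
00 a9 01 bd 04 02 e6 a8 30 ae 00 00 01 40 50 18
40 00 1f 40 00 00 00 00 00 c0 ff 53 4d 42 32 00
00 00 00 88 41 00 00 00 00 00 00 00 00 00 00 00
00 00 01 00 00 00 00 00 00 00 0a 0a 00 7c 00 00
00 0a 00 38 00 00 00 7c 00 44 00 00 00 00 00 89
00 00 fd ff 07 00 01 00 00 00 68 00 00 00 10 00
00 00 00 00 00 00 02 00 00 00 2e 00 00 00 10 00
00 00 00 00 00 00 03 00 00 00 2e 2e 00 00 14 00
00 00 00 00 00 00 08 00 00 00 70 72 69 76 61 74
65 00 10 00 00 00 00 00 00 00 04 00 00 00 74 6d
70 00 10 00 00 00 00 00 00 00 04 00 00 00 75 73
72 00 14 00 00 00 00 00 00 00 07 00 00 00 70 75
62 6c 69 63 00 00 14 00 00 00 00 00 00 00 07 00
00 00 31 32 2e 6d 70 33 00 00
""")


def smb_message(frame):
    """Peel Ethernet II, IPv4, TCP and the NetBIOS session header off a frame."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip_len = struct.unpack_from("!H", frame, 16)[0]
    tcp = 14 + ihl
    tcp_hdr = (frame[tcp + 12] >> 4) * 4
    payload = frame[tcp + tcp_hdr : 14 + ip_len]
    if payload[0] != 0x00:                      # NBSS type 0x00 = session message
        raise ValueError("not a NBSS session message")
    nbss_len = int.from_bytes(payload[1:4], "big")
    smb = payload[4 : 4 + nbss_len]
    if len(smb) != nbss_len or smb[:4] != b"\xffSMB":
        raise ValueError("truncated or non-SMB payload")
    return smb


def trans2_response(smb):
    """Return SMB header fields plus the Trans2 parameter and data blocks."""
    if smb[4] != 0x32 or not smb[9] & 0x80:     # command 0x32, Flags bit 7 = response
        raise ValueError("not a Trans2 response")
    status = struct.unpack_from("<I", smb, 5)[0]
    flags2 = struct.unpack_from("<H", smb, 10)[0]
    tid, pid, uid, mid = struct.unpack_from("<HHHH", smb, 24)
    if smb[32] != 10:                            # WCT for a Trans2 response with no setup words
        raise ValueError(f"unexpected word count {smb[32]}")
    (tpc, tdc, _, pc, poff, pdisp, dc, doff, ddisp, setup_count, _) = \
        struct.unpack_from("<HHHHHHHHHBB", smb, 33)
    bcc = struct.unpack_from("<H", smb, 53)[0]
    if 55 + bcc != len(smb):
        raise ValueError("byte count disagrees with message length")
    # Parameter and data offsets are relative to the start of the SMB header.
    params, data = smb[poff : poff + pc], smb[doff : doff + dc]
    if len(params) != pc or len(data) != dc:
        raise ValueError("parameter/data block runs past the message")
    return {"status": status, "unicode": bool(flags2 & 0x8000), "tid": tid,
            "total_param": tpc, "total_data": tdc, "param_off": poff,
            "data_off": doff, "setup_count": setup_count, "bcc": bcc,
            "params": params, "data": data}


def find_first2_params(params):
    """The 10-byte FIND_FIRST2 response parameter block."""
    sid, count, end, ea_err, last = struct.unpack("<HHHHH", params)
    return {"sid": sid, "search_count": count, "end_of_search": end,
            "ea_error_offset": ea_err, "last_name_offset": last}


def decode_file_names_info(data, count):
    """Walk SMB_FIND_FILE_NAMES_INFO entries; returns (offset, name) pairs.

    The walk is bounded by SearchCount and the data length, never by
    NextEntryOffset alone: the last entry here carries 20, not 0."""
    entries, pos = [], 0
    for _ in range(count):
        if pos + 12 > len(data):
            raise ValueError("entry header runs past the data block")
        next_off, _file_index, name_len = struct.unpack_from("<III", data, pos)
        if pos + 12 + name_len > len(data):
            raise ValueError("file name runs past the data block")
        # Samba counts the terminating NUL in FileNameLength; strip it.
        name = data[pos + 12 : pos + 12 + name_len].rstrip(b"\x00").decode("ascii")
        entries.append((pos, name))
        if next_off == 0:
            break
        if next_off < 12 + name_len or pos + next_off > len(data):
            raise ValueError(f"bad NextEntryOffset {next_off} at +{pos}")
        pos += next_off
    return entries


def decode(frame):
    hdr = trans2_response(smb_message(frame))
    if hdr["unicode"]:
        raise ValueError("this example only handles ASCII names")
    ff2 = find_first2_params(hdr["params"])
    return hdr, ff2, decode_file_names_info(hdr["data"], ff2["search_count"])


if __name__ == "__main__":
    hdr, ff2, entries = decode(FRAME)
    print(f"TID {hdr['tid']}  SID 0x{ff2['sid']:04x}  {ff2['search_count']} entries,"
          f" end_of_search={ff2['end_of_search']}")
    for off, name in entries:
        print(f"  +{off:3d}  {name}")
```

The decoder recovers the seven names the Info column left blank (`.`, `..`, `private`, `tmp`, `usr`, `public`, `12.mp3`) and shows the last entry starting at data offset 104, which is the Last Name Offset Wireshark did print. Two checks matter when reading directory listings from a server you do not control: the parameter and data offsets are validated against the message length before slicing, and each NextEntryOffset must be at least the size of the entry it follows and must stay inside the data block, otherwise a crafted response can loop the walker or make it read past the buffer.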