From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Subject: RE: [ethereal-dev] phantom smb dissection
Date: Fri, 12 May 2000 12:08:06 -0500
> >
> >Hi,
> >
> >Ethereal 0.8.8 (and the current CVS) exhibit a bug whereby they
> >dissect & display data that isn't really in the packet.
> >
> >Take a look at the enclosed capture file. If packet 117 is displayed
> >first then the TCP content should just be "Continuation data" but if
> >packet 115 is displayed first and then 117 is displayed the netbios
> >and session stuff from packet 115 is still being seen when 117 is
> >displayed.
>
> You are right. The problem is that the smb dissector doesn't check
> for the end of the packet. The 'Testy' buffer stuff should handle this.
>
> The other interesting thing is that the actual SMB data is in packet
> 118. This is a place that the 'logical' display would be needed.
>
>
> Jeff Foster
> jfoste@xxxxxxxxxxxx
>
Hi Jeff,
thanks for the reply.
Being able to combine packets (i.e. packets 117 & 118 as discussed
above) would be useful but I can imagine would be quite a lot of work
to implement in a reliable fashion.
Regards,
Mark