Ethereal-dev: Re: [Ethereal-dev] smb-browse

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Fri, 13 Jul 2001 11:48:12 +0930
Guy Harris wrote:

I tried to keep the functionality as close as possible to the original
dissector, but there is one exception:
I assume that every instance of a string for a ServerName is always exactly
16 characters (which might not be 0 terminated).


Nope.

In a Get Backup List response, there are multiple host names, *not*
padded to 16 characters, and NUL-terminated.  One capture on the network
here showed that.

I've attached an old "PRELIMINARY DRAFT OF AN INTERNET-DRAFT" (yes, the
document says it's a draft of an Internet-Draft, using the word "draft"
twice; the document may or may not 100% accurately reflect what Windows
actually does), from the old CIFS mailing list, for the browser
protocol; for Get Backup List responses, it says

	6.3 GetBackupListResponse Browser Frame

	The GetBackupListResponse frame is sent by a Master Browser in response
	to a GetBackupListRequest frame. If the GetBackupListRequest was sent
	from the computer whose name is "ComputerName", the
	GetBackupListResponse frame is sent to the ComputerName(00) NETBIOS
	unique name and mailslot "\MAILSLOT\LANMAN". Note: this name is not part
	of the request and the Master Browser needs to *deduce* this name with
	some cooperation from the transport protocol involved.  The definition
	of the GetBackupListResponse frame is:

	    struct {
	        unsigned short  OpCode;
	        unsigned short  BackupServerCount;
	        unsigned short  Token;
	        unsigned char   BackupServerList[][]
	    }
	where:
	     Opcode -- Identifies this structure as a backup list.

	     BackupServerCount -- Specifies the number of backup servers
	         that follow this list.

	     Token -- Is returned unmodified to the client. This is used by
	         the client to associate an incoming BackupListResponse
	         with its BackupListRequest.

	     BackupServerList -- ASCII backup servers. Each server name is
	         null terminated and up to 16 bytes in length.

"Up to 16 bytes" means "could be less than 16 bytes".


In fact, since these names are NetBIOS names, they must be less than or equal to 15 characters. The last character is a type indicator, and is not returned in the response to the GetBackupList request.

--
Richard Sharpe, rsharpe@xxxxxxxxxx, LPIC1
www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba
in 24 Hours, Special Edition, Using Samba
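
The following is an added example, not part of the original message and not Ethereal's dissector code: a bounds-checked walk over the BackupServerList bytes that treats each name as NUL-terminated and at most 16 bytes, as the quoted draft describes, instead of stepping by a fixed 16. The function name, its parameters and the sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME_BYTES 16  /* quoted draft: NUL-terminated, "up to 16 bytes" */

/* Constructed sample data, not from a real capture. */
static const unsigned char sample_ok[] = "PDC1\0BACKUPSRV"; /* two names */
static const unsigned char sample_unterminated[] = { 'N', 'O', 'N', 'U', 'L' };

/* Hypothetical helper: copy `count` names out of the BackupServerList bytes.
 * Returns the number of names parsed, or -1 when the list is malformed
 * (count exceeds cap or the data present, or a name has no NUL within
 * 16 bytes / before the end of the buffer). */
int parse_backup_server_list(const unsigned char *buf, size_t len,
                             unsigned count, char names[][MAX_NAME_BYTES],
                             unsigned cap)
{
    size_t off = 0;
    unsigned i;

    if (count > cap)
        return -1;
    for (i = 0; i < count; i++) {
        size_t limit, n;
        const unsigned char *nul;

        if (off >= len)
            return -1;               /* fewer names than the count claims */
        limit = len - off;
        if (limit > MAX_NAME_BYTES)
            limit = MAX_NAME_BYTES;
        nul = memchr(buf + off, '\0', limit);  /* never scans past the buffer */
        if (nul == NULL)
            return -1;               /* unterminated or over-long name */
        n = (size_t)(nul - (buf + off)) + 1;   /* name length including NUL */
        memcpy(names[i], buf + off, n);
        off += n;                    /* step by actual length, not a fixed 16 */
    }
    return (int)i;
}

int main(void)
{
    char names[4][MAX_NAME_BYTES];
    int n = parse_backup_server_list(sample_ok, sizeof sample_ok, 2, names, 4);
    for (int i = 0; i < n; i++)
        printf("%s\n", names[i]);
    return 0;
}
```

A BackupServerCount larger than the data present, or a name with no terminator, makes the helper return -1 rather than read beyond the frame.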