Ethereal-dev: [Ethereal-dev] SMB patch, reassembly of DCERPC over SMB

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2001 20:35:33 +1100
Hi,

Attached is a small patch that adds reassembly of DCERPC over SMB packets.
I.e. MSRPC reassembly.

This patch should be production quality, please check in to CVS.


Note:
1, Only Responses are verified to be reassembled OK. I have not seen any
fragmented requests yet.
Responses are fragmented as : First fragment is Transaction response,
remaining fragments are ReadAndX responses.
I do not know how requests are fragmented (using WriteAndX ?) and can
therefore not implement it.
If anyone can explain how Requests works or could supply a capture showing
fragmented requests I can
quickly create a patch for requests.
(an explanation need not be too detailed: something like "requests works
just likeresponses, but WriteAndX are used instead of ReadAndX" ?)

2, Only the initial Transaction call holding the first fragment will hold
the reassembled packet.
I can add a small function to call PIPE dissector for the last ReadAndX
fragment as well if anyone wants to.

---

Comments , Tim?

have fun
    ronnie sahlberg

Attachment: smb_patch.diff.gz
Description: GNU Zip compressed data