Ethereal-dev: Re: [Ethereal-dev] Support SMBreadX in SAMR calls

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Sat, 9 Nov 2002 06:32:43 +1100
From: "Devin Heitmueller"
Sent: Saturday, November 09, 2002 6:19 AM
Subject: Re: [Ethereal-dev] Support SMBreadX in SAMR calls


> Thanks for your quick response.
>
> Yes, enabling those flags does help some.  Why aren't those on by
> default?

They require a lot of additional memory to keep state and PDU fragments
hanging around between packets.
Since they need (potentially) a lot more memory when enabled, they are
disabled by default.


>
> I am still having problems decoding one particular trace which uses the
> SAMR function LookupRIDs().  In particular, if "Reassemble DCERPC over
> SMB" is disabled, it gets interpreted as a LookupRIDs request.  However
> if I enabled "Reassemble DCERPC over SMB", the dissector only reports it
> as a DCERPC request.  Isn't this the exact opposite of what one would
> expect.
>
> It could just be that I'm hitting some sort of exception, because I am
> attempting to lookup about 2200 RIDs in one request.  The server throws
> a DCERPC fault (which is expected), but I would believe the request is
> still properly formatted.
>
> I have a trace, if anyone is interested.

Strange.
I have myself decoded DCERPC packets spanning 200+ kb successfully,
fragmented on all three NBSS, SMB and DCERPC layers.

You can send a trace to me (or to the list) and I (or someone else) can look
at it.
When doing so, please also specify which packet in the capture you think
there is a problem with.