[Devin Heitmueller <dheitmueller@xxxxxxxxxxx>]

That's pretty weird.  The UserID field starts as 0 for the first few
frames, and when the SMBSessionSetupAndX request is sent (contain zero
as the UserID), the Win2k server replies with 2048.  All subsequent
requests have 2048 for both the request and reply.

So I guess the question is, who is broken?  Is it acceptable for Win2k
to receive a request with the userid set to zero, then reply with 2048? 
Is this a condition we should attempt to accommodate in Ethereal?  Or
should I be emailing the Samba-TNG people claiming they are implementing
the protocol improperly?

Thanks,

Devin

On Wed, 2003-02-19 at 15:18, Ronnie Sahlberg wrote:
> In your capture, UserID in the SMB header is different between Cal/Reply
> That makes ethereal unable to match the reply to the call, which makes
> the DCERPC in the replies fail to dissect.
> 
> ----- Original Message ----- 
> From: "Devin Heitmueller" 
> Sent: Thursday, February 20, 2003 3:13 AM
> Subject: [Ethereal-dev] SMB Transact response reassembly problem
> 
> 
> > It would appear that problems with SMB reassembly seem to haunt me.
> > 
> > The attached trace was taken from Samba-tng, attempting to perform a
> > password change over DCE/RPC on the SAMR pipe.  It would appear that
> > even though I have all the normal reassembly options enabled in
> > Ethereal, that none of the SMB transaction responses are dissected
> > (although the transact requests are).
> > 
> > Any advice that can be offered would be GREATLY appreciated.
> > 
> > Thanks,
> > -- 
> > Devin Heitmueller
> > Senior Software Engineer
> > Netilla Networks Inc
> > 
-- 
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc