On Sat, Jan 18, 2003 at 06:49:17PM -0000, Graham Turner wrote:
> it seems ethereal (v0.9.8) is reporting "Unknown command:17" in the info
> field of what i think to be the response from the server to a "SAM logon
> request".
>
> any info on how this can be more accurately decoded would be gladly
> received.
If the problem is that the SAMR packet is going to or from a TCP or UDP
port for which some Ethereal registers itself, so that the dissector in
question attempts to dissect the packet, it can be more accurately
decoded if the dissector in question can be modified to reject some
packets that don't look correct. (Rejecting packets with *any* error
might be a bad idea, as one reason for using a sniffer is to look for
bad packets for a particular protocol, and in that case you want the
packet dissected by the dissector for the protocol for the packet.)
However, we'd need to know what that dissector is; there's nothing in
the current CVS version of Ethereal that looks as if it'd report
something *exactly* like
Unknown command:17
but there are things that'd report
Unknown command (17)
or
Unknown command:0x11
So what's the protocol it's reporting for that packet?