Wireshark · Ethereal-users: Re: [Ethereal-users] windows 2000 decode

Ethereal-users: Re: [Ethereal-users] windows 2000 decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Tue, 21 Jan 2003 10:59:14 -0800

On Sat, Jan 18, 2003 at 06:49:17PM -0000, Graham Turner wrote:
> I am attempting to decode the windows 2000 professional startup and logon to
> a Windows 2000 Active Directory.
> 
> it seems ethereal (v0.9.8) is reporting "Unknown command:17"

Actually, what it's reporting in the Info column is "Unknown
Command:17"; perhaps I should have done a case-insensitive search
through the source code, which would've found the NETLOGON dissector -
but it'd have found a number of other dissectors.

> any info on how this can be more accurately decoded would be gladly
> received.

It can be more accurately decoded by finding documentation for that
packet's format and adding code to the NETLOGON dissector to dissect
that packet based on that documentation, or perhaps by having some other
packet analyzer decode it (if any do) and having Ethereal dissect it
similarly.

That will probably happen at some point, but there's no guarantee when
it'll happen.

Follow-Ups:
- Re: [Ethereal-users] windows 2000 decode
  - From: Guy Harris

References:
- [Ethereal-users] windows 2000 decode
  - From: Graham Turner

Prev by Date: [Ethereal-users] Are there any tools to trace the IP address into geographical location in batch?
Next by Date: [Ethereal-users] File header
Previous by thread: Re: [Ethereal-users] windows 2000 decode
Next by thread: Re: [Ethereal-users] windows 2000 decode
Index(es):
- Date
- Thread