Ethereal-users: Re: [Ethereal-users] Ethereal doesn't seem to decode CIFS?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 29 May 2003 11:20:10 -0700
On Thu, May 29, 2003 at 01:20:40PM -0400, Jia-Ying Lu wrote:
> Has anyone gotten Ethereal to display captured CIFS traffic?

Yes.

> I seem to only see TCP packets that are not decoded further to reveal
> the CIFS data content.  Is decoding CIFS not supported even though
> SMB is?

If by "CIFS" and "SMB" you mean:

	CIFS: TCP traffic to port 445, with packets beginning with a
	32-bit header with 8 bits of zero and a 24-bit length field, as
	per Appendix B of the SNIA CIFS spec;

	SMB: TCP traffic to port 139, with packets beginning with a
	32-bit header with an 8-bit type field, an 8-bit flags field,
	and a 16-bit length field, with a type field value of 0 being a
	"session message", which could be an SMB request or response;

then both of them are supported.

However, if the traffic isn't going to port 139 or 445, it won't be
recognized as CIFS or SMB.