Wireshark · Ethereal-users: Re: [Ethereal-users] Decode as ... SMB

Ethereal-users: Re: [Ethereal-users] Decode as ... SMB

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 05 Jul 2006 23:52:32 -0700

j.kuan@xxxxxxxxxxxx wrote:

I am using ethereal 0.10.13. When I right click on a capture packet
(in the packet list window) and select 'Decode as ...', I cannot find
the option SMB (or CIFS). Is there any reason why?

Because those options only apply to TCP and UDP, and SMB doesn't rundirectly over TCP, it either runs atop the NetBIOS Session Service oratop the SMB-over-TCP layer.

I am sure the packet is in SMB format as it contains 0xFF"SMB".

What protocol is SMB running atop? There are heuristic tests for SMB inNetBIOS-over-TCP and NetBEUI.

If it's running over NetBIOS-over-TCP's Session Service, or atop theSMB-over-TCP layer, is the 0xFF"SMB" at the beginning of the TCP segment?

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

References:
- [Ethereal-users] Decode as ... SMB
  - From: j.kuan

Prev by Date: [Ethereal-users] Large Capture File Analysis
Next by Date: [Ethereal-users] "TCP Segment of a reassembled PDU" - clarification, please?
Previous by thread: [Ethereal-users] Decode as ... SMB
Next by thread: [Ethereal-users] Re: Ethereal-usersCompiling error: [packet-snmp.lo] Error 1
Index(es):
- Date
- Thread