Wireshark-dev: Re: [Wireshark-dev] Run-time error (samr.hnd disappeared)

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Mon, 9 Jul 2007 11:06:26 +0000
i temporarily disabled sidsnooping for now.


sidsnooping was an idea i had a long time ago  but i never finished properly.
it would be nice if it were enhanced in the future to actually look at
most of the dcerpc commands where sids are mapped and used it.
it would also be nice with a small gui where one can see which sids
are known and mapped.

it would take a lot of time to fix it correctly so it becomes useful.
maybe i will do it soon....   i hope


On 7/9/07, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
I'm seeing this error when starting wireshark (despite tshark below in
the error output).

Ronnie - will you be adding samr.hnd back again as a field, or should
this filter expression (in packet-smb-sidsnooping.c) be changed now?


tshark: Couldn't register
proto_reg_handoff_smb_sidsnooping()/samr_query_dispinfo tap: Filter
"samr and samr.opnum==40 and ( samr.hnd or samr.rid or samr.acct_name
or samr.level )" is invalid - "samr.hnd" is neither a field nor a
protocol name.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev