On Dec 27, 2008, at 7:14 AM, Toralf Förster wrote:
I'm wondering about the current content of the field "Host name" of
the
Microsoft Windows Browser Protocol of the sniffed wlan packet
attached here :
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2136
The hostname seems to be "DESKTOP" but why are not all following
bytes
null ?
At least according to one spec I have (an old Internet-Draft from
Microsoft), that field is:
ServerName __Null terminated ASCII server name (up to 16 bytes
in length). This name SHOULD be registered with NetBIOS by
the server offering the services specified in the Type
field.
I think it's a 16-byte fixed-length field. Perhaps the sending
implementation doesn't bother nulling out *all* the extra bytes of the
field, thinking the null terminator sufficient. (It might actually be
"null-terminated unless it's 16 bytes long, so that there's only a
null terminator if the name doesn't fill up the field.)