Ethereal-dev: Re: [ethereal-dev] SMB decoding and generating decoders

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: guy@xxxxxxxxxx (Guy Harris)
Date: Thu, 20 May 1999 00:35:48 -0700 (PDT)
> In "logical transmission" mode, the multiple packets of a single
> transmission are grouped together. In "logical transmission" mode,
> some packets are still a single tranmission (like a BOOTP broadcast). In
> the table of packets, these packets would maintain their datalink
> types (DLT_FDDI, WTAP_ETHERNET, whatever). But the packets that have
> been grouped together get a different 'datalink' type, say LOG_TCP,
> LOG_SPX, LOG_IP, or whatever the layer at which the packets are
> grouped together is.

For SMB, they'd be grouped together at the NBT layer; the NBT header
says how many bytes are in the NetBIOS Session Service packet, and it'd
probably be the routine that'd keep track of which parts of which TCP
segments were part of a particular NBSS packet.

Similarly, for ONC RPC over TCP, say, the RPC-over-TCP layer (which
would sit above the main ONC RPC layer) would accumulate the record
fragments into a single ONC RPC packet.

For fragmented UDP data (e.g., NFS READ, READDIR, or READDIRPLUS
replies, or WRITE requests, that don't fit into a single IP datagram),
UDP would group the packets together.