Ethereal-dev: Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Mon, 23 Jul 2001 00:54:11 +0930
Hi,
This week, along with all the other things I am doing, I will try to find the time to fix my auth-generator for the smb dissector. I now have a copy of the latest CIFS draft, so I can fid up the things that are wrong, and I will add in support for TVBs, as well as fix Unicode support etc ... 

Todd Sabin wrote:


Tim Potter <tpot@xxxxxxxxxxx> writes:



Todd Sabin writes:



Guy Harris <guy@xxxxxxxxxx> writes:


Using the file/pipe number would probably work as a short-term solution,
as long as you don't run DCE RPC over both port 138 and port 139 SMB
(or, if you do, they get different file/pipe numbers).


[...]



Anyway, I'm going to try the TCP port plus file id for now.  Would
love to hear from SMB gurus if that sounds like a reasonable approx.


I had most of a patch to do this.  You need to take the uid from
the sesssetupX packet, the tid from the tconX, and the fid from
the ntcreateX packet.  This information, plus the existing
guint32 conversation id gives you a unique tuple that you can
match to a pipe name.




Cool.  Do you still have the patch lying around somewhere?  Can you
send me what you've got so far?



I ended up getting annoyed at not having a DCE/RPC idl compiler
that could generate a custom back end (i.e an ethereal dissector)
so ethereal could become a better netmon.




Well, don't give up yet.  I don't have a full IDL compiler finished,
but I don't think making ethereal better than netmon fairly soon
requires that.  I don't think a similar beast exists for netmon,
outside of MS, for example.  Do you know of one?

I find just having the names of the functions being called is a
tremendous help.  I've written netmon parsers to do that for samr,
winreg, and a few others.  Dissecting all the parameters would be
ideal, of course, but even the parsers supplied with netmon often get
those wrong.

Once these SMB issues are ironed out, I'll work up very basic
dissectors for lsarpc, samr, winreg, wkssvc, etc.

I also want to replace packet-mapi with something that actually works,
but that's separate from the SMB stuff.


Todd

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev





--
Richard Sharpe, rsharpe@xxxxxxxxxx, LPIC1
www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba
in 24 Hours, Special Edition, Using Samba