I added some quick code to dissect the payload of 0x0b as DCE/RPC.
Please check it with current svn of ethereal.
The 0x0b request in 468 looks just as one might expect.
Look at frame 469.
Let's just say this one was a surprise.
On 11/24/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> I just saw that myself 10 minutes ago.
>
>
> See packet 464/467 where the client binds to SRVSVC
>
> Then packets 468/469
> that are a request carrying the SRVSVC request and 469 is a
> response that also carries payload, the SRVSVC response
>
>
> now the question is what to call this opcode.
>
>
> Transaction ?
>
>
>
> On 11/24/05, Stefan (metze) Metzmacher <metze@xxxxxxxxx> wrote:
> > Stefan (metze) Metzmacher wrote:
> > > tridge@xxxxxxxxx wrote:
> > >> I thought the following might be useful for people interested in the
> > >> changes in SMB2 as compared to SMB.
> > >> Fewer Commands
> > >> --------------
> > >>
> > >> The number of top level commands has been greatly reduced, and is down
> > >> to 18 opcodes. Where SMB had a pile of different ways for doing
> > >> something, SMB2 has just one, which is a nice change. The commands
> > >> that we have found in SMB2 are
> > >>
> > >> NEGPROT 0x00
> > >> SESSSETUP 0x01
> > >> unknown 0x02
> > >
> > >> mount? 0x0B
> > > I saw this, directly after a DCERPC bind (which was done with
> > > write/read)
> > > I assume this is a call that passes data, and gets data as a result, so
> > > this seems to be the missing call that makes rpc calls faster without
> > > the write/read overhead.
> >
> > btw: that was in ronnies look_at_the_acl.cap and the netshareenum2.cap
> >
> > --
> > metze
> >
> > Stefan Metzmacher <metze at samba.org> www.samba.org
> >
> > _______________________________________________
> > Smb2-protocol mailing list
> > Smb2-protocol@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/smb2-protocol
> >
>
>