Ethereal: Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?

Ethereal-dev: August 2001

Subject: Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 2 Aug 2001 10:14:12 -0700

On Sun, Jul 22, 2001 at 05:46:39PM +1000, Tim Potter wrote:
> I had most of a patch to do this.  You need to take the uid from
> the sesssetupX packet, the tid from the tconX, and the fid from
> the ntcreateX packet.  This information, plus the existing
> guint32 conversation id gives you a unique tuple that you can
> match to a pipe name.

Will the UID and TID be the same as the ones that appear in the
TRANSACTION SMB that contains the MSRPC messages?

And does the FID appear in the TRANSACTION SMB?  If not, something else
in that SMB must indicate which pipe is being used.

Follow-Ups:
- Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?
  - From: Tim Potter

Prev by Date: Re: [Ethereal-dev] Updated Pgm dissector
Next by Date: Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?
Previous by thread: Re: [Ethereal-dev] Updated Pgm dissector
Next by thread: Re: [Ethereal-dev] smb, dcerpc, having old-style dissector call a tvbuff one?
Index(es):
- Date
- Thread