Ethereal

Re: [Ethereal-users] Decode as ... SMB
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: July 2006

 

j.kuan@xxxxxxxxxxxx wrote:

I am using ethereal 0.10.13. When I right click on a capture packet
(in the packet list window) and select 'Decode as ...', I cannot find
the option SMB (or CIFS). Is there any reason why?

Because those options only apply to TCP and UDP, and SMB doesn't run directly over TCP, it either runs atop the NetBIOS Session Service or atop the SMB-over-TCP layer.

I am sure the packet is in SMB format as it contains 0xFF"SMB".

What protocol is SMB running atop? There are heuristic tests for SMB in NetBIOS-over-TCP and NetBEUI.

If it's running over NetBIOS-over-TCP's Session Service, or atop the SMB-over-TCP layer, is the 0xFF"SMB" at the beginning of the TCP segment?

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.