SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
If we do not see the TreeConnect call when a TID is connected, we did not
know it was a IPC share.
If we do not know what kind of share it is we assume it being a normal one
and thus read/write data to that share is normal file i/o.
Update the dissector so that IF it sees a Transaction SMB carrying PIPE (dcerpc)
then we assume that all other read/write to that TID is also DCERPC.
I.e. we assume the entire TID is IPC.
svn path=/trunk/; revision=6747
rid of the annoying STATUS_BUFFER_OVERFLOW messages when dissecting
large DCERPC responses as a buffer overflow is only a informational
message not an error.
svn path=/trunk/; revision=6632
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
parameter and data, so the LANMAN RAP pipe dissector, for example,
doesn't get confused and think there is an auxiliary data descriptor in
the parameters when there isn't.
Note that in at least one Negotiate Protocol reply it looks as if a
Unicode domain name might've been aligned.
svn path=/trunk/; revision=6017
the flags field in NTLMSSP messages as a 32-bit field.
Make "get_unicode_or_ascii_string()" take a "Unicode or not" flag rather
than a "packet_info *" as an argument, make it not static, and move it
to "packet-smb-common.c", so that it can be used by the SMB dissector
and the NTLMSSP dissector. Also get rid of some _U_'s that are applied
to arguments that are, in fact, used.
svn path=/trunk/; revision=5976
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
SMB sees the PDU, then SMB would forget to create the proper state variables and crash.
SMB is changed to split the operation into
1, only create a conversation if it needs to. (as before)
2, detect if it needs to create the si.ct state variables independant of
whether smb also created a conversation or not.
Without this patch and with changes to say TCP to create conversations ethereal would crash at the first packet the SMB dissector would see.
svn path=/trunk/; revision=5906
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
TRANS2_SET_FILE_INFORMATION parameters as reserved.
Change/add comments to reflect information from Microsoft Networks SMB
File Sharing Protocol Extensions Version 3.0, Document Version 1.11,
July 19, 1990.
svn path=/trunk/; revision=5568
Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
svn path=/trunk/; revision=5566
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
"dissect_nt_sec_desc()".
Also, get rid of code to handle lengths of -1 in "dissect_nt_sec_desc()"
- we never pass it a length of -1, as security descriptors aren't sent
over the wire with NDR syntax.
svn path=/trunk/; revision=5317
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313