[cifs-protocol] [REG:111092854890403] RE: double send of command joined from a upstream windows Server

Hongwei Sun hongweis at microsoft.com
Wed Oct 19 16:59:28 MDT 2011 

Matthieu,

  Do you have a chance to send the information I request below?  I have a trouble to see the sequence of the packets without decrypting it.   If you don't have time to work on it,  I can archive it and we can work on it whenever you get time.

Thanks!

Hongwei
 

-----Original Message-----
From: Hongwei Sun 
Sent: Thursday, October 13, 2011 5:49 PM
To: 'mat at samba.org'; 'pfif at tridgell.net'; 'cifs-protocol at samba.org'
Cc: MSSolve Case Email
Subject: RE: [REG:111092854890403] RE: double send of command joined from a upstream windows Server

Matthieu,

   Can you send me the screenshot  you mentioned in your e-mail ?   Even I cannot make the decryption work with the correct version, looking at the screen may help me know the scenario.

Thanks!

HOngwei 

-----Original Message-----
From: Hongwei Sun 
Sent: Tuesday, October 11, 2011 5:27 PM
To: 'mat at samba.org'; pfif at tridgell.net; cifs-protocol at samba.org
Cc: MSSolve Case Email
Subject: [REG:111092854890403] RE: double send of command joined from a upstream windows Server

Matthieu,

   I downloaded the wireshark 1.6.2 ,which is the latest version I can download.  But I still don't see the option for me to provide the file name for keytab file in krb5 screen.   What is the minimum version of  Wireshark for me to use with your keytab file for decryption ?    I am running Windows 64bit version of Wireshark.   

Thanks!

Hongwei

-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org] 
Sent: Tuesday, September 27, 2011 10:45 PM
To: Hongwei Sun; pfif at tridgell.net; cifs-protocol at samba.org; Interoperability Documentation Help
Subject: double send of command joined from a upstream windows Server

Hello hongwei,

Following our talk concerning the double send of "command_joined" 
packets from a W2K3R2 server when talking to a samba server.

Here is the wireshark capture and the keytab to decrypt it.

By getting a recent version of wireshark is needed. You can get nightly build at http://www.wireshark.org/download/automated/win32/ newer than the revision 38976 (which is ~ 2 weeks old).

The way to use it is:
wireshark -K w2k_2.keytab frs_big_file_samba.pcap.

I attached the screenshot of this packets it's packets 319 and 321.

Thanks for explaining what's going on, and maybe update the doc.

Matthieu.

--
Matthieu Patou
Samba Team
http://samba.org

More information about the cifs-protocol mailing list