[cifs-protocol] [REG:111092854890403] RE: double send of command joined from a upstream windows Server

Hongwei Sun hongweis at microsoft.com
Fri Oct 21 15:20:54 MDT 2011


Matthieu,

  Do you get a chance to capture the screen shot with the FRS1 packets displayed ?    It will be ideal if I can decrypt myself, but I cannot get a version of wireshark to allow me to do that.   So the screen shot at least show me all the packet sequences so I have something to work with.    I may need to work with the product team, so I need some information to show them.  

Thanks!

Hongwei

-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org] 
Sent: Wednesday, October 19, 2011 6:04 PM
To: Hongwei Sun
Cc: pfif at tridgell.net; cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:111092854890403] RE: double send of command joined from a upstream windows Server

Hi hongwei I'm planning to work on it tomorrow,

the best though would be to catch me tomorrow so that I can show you in a live demo.

Matthieu
On 20/10/2011 00:59, Hongwei Sun wrote:
> Matthieu,
>
>    Do you have a chance to send the information I request below?  I have a trouble to see the sequence of the packets without decrypting it.   If you don't have time to work on it,  I can archive it and we can work on it whenever you get time.
>
> Thanks!
>
> Hongwei
>
>
> -----Original Message-----
> From: Hongwei Sun
> Sent: Thursday, October 13, 2011 5:49 PM
> To: 'mat at samba.org'; 'pfif at tridgell.net'; 'cifs-protocol at samba.org'
> Cc: MSSolve Case Email
> Subject: RE: [REG:111092854890403] RE: double send of command joined 
> from a upstream windows Server
>
> Matthieu,
>
>     Can you send me the screenshot  you mentioned in your e-mail ?   Even I cannot make the decryption work with the correct version, looking at the screen may help me know the scenario.
>
> Thanks!
>
> HOngwei
>
> -----Original Message-----
> From: Hongwei Sun
> Sent: Tuesday, October 11, 2011 5:27 PM
> To: 'mat at samba.org'; pfif at tridgell.net; cifs-protocol at samba.org
> Cc: MSSolve Case Email
> Subject: [REG:111092854890403] RE: double send of command joined from 
> a upstream windows Server
>
> Matthieu,
>
>     I downloaded the wireshark 1.6.2 ,which is the latest version I can download.  But I still don't see the option for me to provide the file name for keytab file in krb5 screen.   What is the minimum version of  Wireshark for me to use with your keytab file for decryption ?    I am running Windows 64bit version of Wireshark.
>
> Thanks!
>
> Hongwei
>
> -----Original Message-----
> From: Matthieu Patou [mailto:mat at samba.org]
> Sent: Tuesday, September 27, 2011 10:45 PM
> To: Hongwei Sun; pfif at tridgell.net; cifs-protocol at samba.org; 
> Interoperability Documentation Help
> Subject: double send of command joined from a upstream windows Server
>
> Hello hongwei,
>
> Following our talk concerning the double send of "command_joined"
> packets from a W2K3R2 server when talking to a samba server.
>
> Here is the wireshark capture and the keytab to decrypt it.
>
> By getting a recent version of wireshark is needed. You can get nightly build at http://www.wireshark.org/download/automated/win32/ newer than the revision 38976 (which is ~ 2 weeks old).
>
> The way to use it is:
> wireshark -K w2k_2.keytab frs_big_file_samba.pcap.
>
> I attached the screenshot of this packets it's packets 319 and 321.
>
> Thanks for explaining what's going on, and maybe update the doc.
>
> Matthieu.
>
> --
> Matthieu Patou
> Samba Team
> http://samba.org
>


--
Matthieu Patou
Samba Team
http://samba.org




More information about the cifs-protocol mailing list