[cifs-protocol] double send of command joined from an upstream Windows server

Matthieu Patou mat at samba.org
Tue Sep 27 21:44:32 MDT 2011


Hello hongwei,

Following our talk concerning the double send of "command_joined" 
packets from a W2K3R2 server when talking to a Samba server.

Here is the wireshark capture and the keytab to decrypt it.

A recent version of Wireshark is needed. You can get a nightly 
build at http://www.wireshark.org/download/automated/win32/ newer than 
revision 38976 (which is ~2 weeks old).

The way to use it is:
wireshark -K w2k_2.keytab frs_big_file_samba.pcap

I attached the screenshot of these packets; they are packets 319 and 321.

Thanks for explaining what's going on, and maybe update the doc.

Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: w2k_2.keytab
Type: application/octet-stream
Size: 970 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110927/0f122031/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: frs_big_file_samba.pcap
Type: application/cap
Size: 89589 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20110927/0f122031/attachment-0001.pcap>

