[linux-cifs-client] NetBIOS Session Service question

[kewlemer]

> > In both cases, I found that there is "NetBIOS Session  Service" data
> > (with type always set to Session Message) that comes up in all the
> > packets from the SMB Negotiate Protocol Request onwards. I can
> > understand that this is needed in case of NBT since it uses NetBIOS.
> > But can anyone tell me why I see these "NetBIOS Session  Service" data
> > in case of raw transport SMB packets ?
>
> I get this question a lot.  The problem is in the nomenclature.
>
> With NBT, a small amount of setup is done to establish a NetBIOS session
> within a TCP session.  Once that is completed, data can be exchanged within
> the TCP session (and the NetBIOS session is all but forgotten).
>
> ...except that NetBIOS messages are discreet packets.  They're not a stream.
>  TCP is a stream protocol, like reading a file.  So the NBT Session Message
> Header was created so that it'd be easy to know where each NetBIOS session
> message started and ended.
>
> With the move to port 445 the whole NetBIOS thing goes away, but not the
> problem of discreet messages.  The NBT Session Message Header was kept
> because you still need to know how long each SMB message is in order to
> parse them out of the stream.
>
> The nomenclature problem is that they're still called "NBT Session Service
> data".
>
> It's really just message framing.  That's all.
>
> Oh... and the format of that header has changed slightly as well.  It's now
> one byte of zeros followed by a 24-bit unsigned integer (though no one
> really uses all those bytes).
>

Got it ! Thanks very much for the neat explanation.

And thanks for writing the wonderful CIFS book (I've purchased the
book) ! It's helped me tremendously in getting up and running and now
in hacking CIFS/SAMBA code.

Regards,
KM