Has smbclient behavior changed from 2.2.8a to 3.0.0?

David Wuertele dave-gnus at bfnet.com
Tue Nov 4 21:39:21 GMT 2003 

Brenden> the computer, while in the second case the "Enumeration
Brenden> Domain" was the workgroup.

I saw this too!

I think it is because of some kind of security negotiation that is
going on.  Here is a RESPONSE packet that XP sent back to my
smbclient-3.0.0, which includes a security blob that among other
things seems to claim that the Domain is the same as the hostname.  Is
this a bug in the XP box's response, or did smbclient-3.0.0 screw up
the negotiation in order to get this?

Frame 22 (400 bytes on wire, 400 bytes captured)
    Arrival Time: Nov  3, 2003 14:37:03.194255000
    Time delta from previous packet: 0.002264000 seconds
    Time relative to first packet: 1.430907000 seconds
    Frame Number: 22
    Packet Length: 400 bytes
    Capture Length: 400 bytes
Ethernet II, Src: 00:50:56:31:01:01, Dst: 00:e0:81:27:66:5b
    Destination: 00:e0:81:27:66:5b (Tyan_Com_27:66:5b)
    Source: 00:50:56:31:01:01 (VMware_31:01:01)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.5.211 (192.168.5.211), Dst Addr: 192.168.5.1 (192.168.5.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 386
    Identification: 0x0f6c
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x5de5 (correct)
    Source: 192.168.5.211 (192.168.5.211)
    Destination: 192.168.5.1 (192.168.5.1)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 43029 (43029), Seq: 1045027736, Ack: 2373168455, Len: 334
    Source port: microsoft-ds (445)
    Destination port: 43029 (43029)
    Sequence number: 1045027736
    Next sequence number: 1045028070
    Acknowledgement number: 2373168455
    Header length: 32 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17177
    Checksum: 0x83ea (correct)
    Options: (12 bytes)
        NOP
        NOP

More information about the samba-technical mailing list