Domain name string in SMB Negotiate Protocol Response always unicode?
Yimin Chen
ymchen at cisco.com
Fri Jul 22 21:34:35 GMT 2005
Hi,
In my testing, I noticed that
1) In the Negotiate Protocol Response from a W2K domain controller, the
domain and server NetBIOS names are always Unicode even though flag2 in
the SMB header indicates the string is ASCII.
2) In Session Setup Andx Response from a W2K domain controller, the
domain name string is indeed ASCII if flag2 indicates so.
Has anyone seen such behavior? Is this expected? Your clarification is
appreciated!
Thanks!
Yimin
PS:
I have attached the sniffer trace of the Negotiate Protocol
Request/Response below:
No. Time Source Destination Protocol
Info
7 0.013922 128.107.192.216 128.107.193.178 SMB
Negotiate Protocol Request
Frame 7 (222 bytes on wire, 222 bytes captured)
Ethernet II, Src: 00:02:4a:4b:00:38, Dst: 00:02:b3:10:b9:22
Internet Protocol, Src Addr: 128.107.192.216 (128.107.192.216), Dst
Addr: 128.107.193.178 (128.107.193.178)
Transmission Control Protocol, Src Port: 25487 (25487), Dst Port:
netbios-ssn (139), Seq: 73, Ack: 5, Len: 168
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 8
SMB Command: Negotiate Protocol (0x72)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x00
0... .... = Request/Response: Message is a request to the
server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not
canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not
been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0x0000
0... .... .... .... = Unicode Strings: Strings are ASCII
.0.. .... .... .... = Error Code Type: Error codes are DOS
error codes
..0. .... .... .... = Execute-only Reads: Don't permit
reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation:
Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in
request are not long file names
.... .... .... .0.. = Security Signatures: Security
signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended
attributes are not supported
.... .... .... ...0 = Long Names Allowed: Long file names
are not allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 9972
User ID: 0
Multiplex ID: 9972
Negotiate Protocol Request (0x72)
Word Count (WCT): 0
Byte Count (BCC): 129
Requested Dialects
Dialect: PC NETWORK PROGRAM 1.0
Dialect: MICROSOFT NETWORKS 1.03
Dialect: MICROSOFT NETWORKS 3.0
Dialect: LANMAN1.0
Dialect: LM1.2X002
Dialect: Samba
Dialect: NT LM 0.12
Dialect: NT LANMAN 1.0
0000 00 02 b3 10 b9 22 00 02 4a 4b 00 38 08 00 45 00 ....."..JK.8..E.
0010 00 d0 9e 90 40 00 3d 06 1b 36 80 6b c0 d8 80 6b ....@.=..6.k...k
0020 c1 b2 63 8f 00 8b c2 bc dd 20 5c 7a ec d0 50 18 ..c...... \z..P.
0030 16 d0 88 70 00 00 00 00 00 a4 ff 53 4d 42 72 00 ...p.......SMBr.
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 f4 26 00 00 f4 26 00 81 00 02 50 43 .....&...&....PC
0060 20 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d NETWORK PROGRAM
0070 20 31 2e 30 00 02 4d 49 43 52 4f 53 4f 46 54 20 1.0..MICROSOFT
0080 4e 45 54 57 4f 52 4b 53 20 31 2e 30 33 00 02 4d NETWORKS 1.03..M
0090 49 43 52 4f 53 4f 46 54 20 4e 45 54 57 4f 52 4b ICROSOFT NETWORK
00a0 53 20 33 2e 30 00 02 4c 41 4e 4d 41 4e 31 2e 30 S 3.0..LANMAN1.0
00b0 00 02 4c 4d 31 2e 32 58 30 30 32 00 02 53 61 6d ..LM1.2X002..Sam
00c0 62 61 00 02 4e 54 20 4c 4d 20 30 2e 31 32 00 02 ba..NT LM 0.12..
00d0 4e 54 20 4c 41 4e 4d 41 4e 20 31 2e 30 00 NT LANMAN 1.0.
No. Time Source Destination Protocol
Info
8 0.013997 128.107.193.178 128.107.192.216 SMB
Negotiate Protocol Response
Frame 8 (167 bytes on wire, 167 bytes captured)
Ethernet II, Src: 00:02:b3:10:b9:22, Dst: 00:02:4a:4b:00:38
Internet Protocol, Src Addr: 128.107.193.178 (128.107.193.178), Dst
Addr: 128.107.192.216 (128.107.192.216)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:
25487 (25487), Seq: 5, Ack: 241, Len: 113
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 7
Time from request: 0.000075000 seconds
SMB Command: Negotiate Protocol (0x72)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x80
1... .... = Request/Response: Message is a response to the
client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not
canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not
been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0x0000
0... .... .... .... = Unicode Strings: Strings are ASCII
.0.. .... .... .... = Error Code Type: Error codes are DOS
error codes
..0. .... .... .... = Execute-only Reads: Don't permit
reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation:
Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in
request are not long file names
.... .... .... .0.. = Security Signatures: Security
signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended
attributes are not supported
.... .... .... ...0 = Long Names Allowed: Long file names
are not allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 9972
User ID: 0
Multiplex ID: 9972
Negotiate Protocol Response (0x72)
Word Count (WCT): 17
Dialect Index: 6, greater than LANMAN2.1
Security Mode: 0x03
.... ...1 = Mode: USER security mode
.... ..1. = Password: ENCRYPTED password. Use
challenge/response
.... .0.. = Signatures: Security signatures NOT enabled
.... 0... = Sig Req: Security signatures NOT required
Max Mpx Count: 50
Max VCs: 1
Max Buffer Size: 16644
Max Raw Buffer: 65536
Session Key: 0x00000000
Capabilities: 0x0000f3fd
.... .... .... .... .... .... .... ...1 = Raw Mode: Read
Raw and Write Raw are supported
.... .... .... .... .... .... .... ..0. = MPX Mode: Read
Mpx and Write Mpx are not supported
.... .... .... .... .... .... .... .1.. = Unicode: Unicode
strings are supported
.... .... .... .... .... .... .... 1... = Large Files:
Large files are supported
.... .... .... .... .... .... ...1 .... = NT SMBs: NT SMBs
are supported
.... .... .... .... .... .... ..1. .... = RPC Remote APIs:
RPC remote APIs are supported
.... .... .... .... .... .... .1.. .... = NT Status Codes:
NT status codes are supported
.... .... .... .... .... .... 1... .... = Level 2 Oplocks:
Level 2 oplocks are supported
.... .... .... .... .... ...1 .... .... = Lock and Read:
Lock and Read is supported
.... .... .... .... .... ..1. .... .... = NT Find: NT Find
is supported
.... .... .... .... ...1 .... .... .... = Dfs: Dfs is supported
.... .... .... .... ..1. .... .... .... = Infolevel
Passthru: NT information level request passthrough is supported
.... .... .... .... .1.. .... .... .... = Large ReadX:
Large Read andX is supported
.... .... .... .... 1... .... .... .... = Large WriteX:
Large Write andX is supported
.... .... 0... .... .... .... .... .... = UNIX: UNIX
extensions are not supported
.... ..0. .... .... .... .... .... .... = Reserved: Reserved
..0. .... .... .... .... .... .... .... = Bulk Transfer:
Bulk Read and Bulk Write are not supported
.0.. .... .... .... .... .... .... .... = Compressed Data:
Compressed data transfer is not supported
0... .... .... .... .... .... .... .... = Extended
Security: Extended security exchanges are not supported
System Time: Jun 27, 2005 11:25:48.128227200
Server Time Zone: 420 min from UTC
Key Length: 8
Byte Count (BCC): 40
Encryption Key: 14B8C757D1134E67
Primary Domain: CNBU1
Server: AD-TEST-1
0000 00 02 4a 4b 00 38 00 02 b3 10 b9 22 08 00 45 00 ..JK.8....."..E.
0010 00 99 dc c1 40 00 80 06 9a 3b 80 6b c1 b2 80 6b ....@....;.k...k
0020 c0 d8 00 8b 63 8f 5c 7a ec d0 c2 bc dd c8 50 18 ....c.\z......P.
0030 ff 0f f8 d0 00 00 00 00 00 6d ff 53 4d 42 72 00 .........m.SMBr.
0040 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 f4 26 00 00 f4 26 11 06 00 03 32 00 .....&...&....2.
0060 01 00 04 41 00 00 00 00 01 00 00 00 00 00 fd f3 ...A............
0070 00 00 e0 2e d1 a3 45 7b c5 01 a4 01 08 28 00 14 ......E{.....(..
0080 b8 c7 57 d1 13 4e 67 43 00 4e 00 42 00 55 00 31 ..W..NgC.N.B.U.1
0090 00 00 00 41 00 44 00 2d 00 54 00 45 00 53 00 54 ...A.D.-.T.E.S.T
00a0 00 2d 00 31 00 00 00 .-.1...
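
Added example, not part of the original post or of Samba's code: the Python below parses the SMB bytes of frame 8 from the trace and compares decoding the domain and server names as Flags2 declares with decoding them as their content indicates. The function names and the UTF-16LE detection heuristic are assumptions made for illustration.

```python
import struct

FLAGS2_UNICODE = 0x8000  # Flags2 bit 15: strings are Unicode
# SMB message from frame 8 of the trace (bytes after the 4-byte NetBIOS header).
FRAME8_SMB = bytes.fromhex(
    "ff 53 4d 42 72 00 00 00 00 80 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 f4 26 00 00 f4 26"
    "11 06 00 03 32 00 01 00 04 41 00 00 00 00 01 00"
    "00 00 00 00 fd f3 00 00 e0 2e d1 a3 45 7b c5 01"
    "a4 01 08 28 00 14 b8 c7 57 d1 13 4e 67 43 00 4e"
    "00 42 00 55 00 31 00 00 00 41 00 44 00 2d 00 54"
    "00 45 00 53 00 54 00 2d 00 31 00 00 00"
)

def split_strings(buf, unicode):
    """Split buf into NUL-terminated strings (1- or 2-byte code units)."""
    width, codec = (2, "utf-16-le") if unicode else (1, "ascii")
    out, start = [], 0
    for i in range(0, len(buf) - width + 1, width):
        if buf[i:i + width] == b"\x00" * width:
            out.append(buf[start:i].decode(codec, errors="replace"))
            start = i + width
    return out

def looks_utf16le(buf):
    # Heuristic (assumption): an ASCII name has no embedded NUL, so a NUL in
    # every odd position of an even-length buffer indicates UTF-16LE text.
    return (len(buf) >= 2 and len(buf) % 2 == 0
            and not any(buf[1::2]) and any(buf[0::2]))

def parse_negotiate_names(smb):
    """Decode the trailing name strings per Flags2 and per their content."""
    if len(smb) < 69 or smb[:4] != b"\xffSMB" or smb[4] != 0x72 or smb[32] != 17:
        raise ValueError("not a 17-word SMB Negotiate Protocol response")
    flags2, = struct.unpack_from("<H", smb, 10)   # header offset 10
    key_len = smb[66]                             # last byte of the 17 words
    bcc, = struct.unpack_from("<H", smb, 67)      # Byte Count (BCC)
    data = smb[69:69 + bcc]
    if len(data) != bcc or key_len > bcc:
        raise ValueError("byte count does not fit the message")
    names = data[key_len:]                        # strings follow the key
    declared = bool(flags2 & FLAGS2_UNICODE)
    actual = declared or looks_utf16le(names)
    return {
        "flags2_unicode": declared,
        "per_flags2": split_strings(names, declared)[:2],
        "per_content": split_strings(names, actual)[:2],
        "mismatch": actual != declared,
    }
```

A parser that trusts Flags2 on this frame stops at the first zero byte of each name, so it is the content-based decode that matches the "Primary Domain" and "Server" values shown in the dissection.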