SMB2.0 protocol dissector

Wireshark is still not good enough for dissecting SMB2.0. I saw a lot of "Unknown fields" in the packet captures.
Netmonitor however shows more detailed packet traces for the same.Do use it .
The summary itself gives a lot of info as below:

5 57.848633 192.168.12.32 WINDOWSVISTALAB SMB2 SMB2: R CREATE (0x5), Context=MxAc, Context=QFid, FID=0xFFFFFFFF0000003D, Mid = 235
6 57.849610 WINDOWSVISTALAB 192.168.12.32 SMB2 SMB2: C CLOSE (0x6), FID=0xFFFFFFFF0000003D, Mid = 236
7 57.999024 192.168.12.32 WINDOWSVISTALAB SMB2 SMB2: R CLOSE (0x6), Mid = 236
8 57.999024 WINDOWSVISTALAB 192.168.12.32 SMB2 SMB2: C CREATE (0x5), Name=F1024K@#8, Context=DHnQ, Context=MxAc, Context=QFid, Mid = 237
9 58.148438 192.168.12.32 WINDOWSVISTALAB SMB2 SMB2: R CREATE (0x5), Context=MxAc, Context=DHnQ, Context=QFid, FID=0xFFFFFFFF00000041, Mid = 237
10 58.149414 WINDOWSVISTALAB 192.168.12.32 SMB2 SMB2: C CREATE (0x5), Context=DHnQ, Context=MxAc, Context=QFid, Mid = 238
11 58.298828 192.168.12.32 WINDOWSVISTALAB SMB2 SMB2: R CREATE (0x5), Context=MxAc, Context=QFid, FID=0xFFFFFFFF00000045, Mid = 238
12 58.298828 WINDOWSVISTALAB 192.168.12.32 SMB2 SMB2: C QUERY DIRECTORY (0xe), FID=0xFFFFFFFF00000045, FileName=F1024K, Mid = 239
More on this later.

Comments

Post a Comment

Popular posts from this blog

White water rafting at Dandeli

Image
Who : Ravi ,Suchi ,Amit ,Priyanka,Guru,Dakshina When : Nov 24th -25th 2007 Dandeli is a very small town 57kms from Dharwar and 95 kms from Belgaum. Although I have stayed most of my life in Belgaum,i never knew there was so much beauty so closeby waiting to be explored.The very idea of travelling from bangalore seems stupid,but we did it .. Dandeli can boast of dense ,moist decidious forests and the gr8 river Kali flowing across it. The town has very little to write abt ,but around the town there are a lot of resorts and nature camps --jungle lodges,bison resort,kulgi nature camp ..Also the Kavalla caves,Ullavi temple,Supa Dam,Syntheri rocks are other places of interest ... You can find a lot of info abt these on other sites .. What we enjoyed there was the river rafting and the leech ridden forest trek !!The first splash against the chilly waters to feel one with it ,the ride on the rapids,the "full servicing" as the local guide called it ,the adrenalin rush as we rowed upst
Read more

Melkote : The temple town

Image
  At Dhanush Koti : Living on the (l)edge On the way to Dhanush koti ... Kalyani Raya Gopura : The incomplete saga Guru Where : Melkote/Melukote Location : 150 kms from bangalore,35 kms from Mandya,3hrs to reach Route : Bangalore->Bidadi->Ramanagara->Mandya->Melkote When : 8th June 2008 Gang : Amit,Dakshina,Guru,Rani and Sudhi Places of interest : Yoganarasimha temple,Cheluvanarayana temple,Dhanush Koti Historic Significance : Very sacred place for Vaishnavites.It is said that Sri Ramanujacharya,the proponent of Vishishtadvaita, spent 14 yrs of his life here. Melukote is an ideal 1 day weekend getaway /picnic spot for bangalore dwellers. It has become famous after the song "Barso Re" from the film "Guru" was shot here. Thank you Rani for suggesting this place.Melukote is still a calm,quiet non crowded,unexplored place relatively.I hope it stays that way. Guru has mailed me the details and i am adding it here . Travel: ------- There are dire
Read more

Kodachadri : A fabulous weekend !!!

Image
Sunset @ Marvanthe beach Sunrise @ kodachadri Date : 5th Jan and 6th Jan 2008 Junta : Rani ,Shivaji and Guru, Dakshina Route :Bangalore -Shimoga-Kodachadri Junction-Kodachadri-Kollur-Marvanthe-Kundapur-Bangalore I think its once in a lifetime that u get to catch the sunlight over a hill and sunset over the sea. At least for me it was a great SUN Day :We literally followed the Sun !!! :) For some logistics : We set out by the Friday night 10.30 train to Shimoga .Reached there at 6.45 pm; freshened up; and took a service bus to Kollur [Another 3 hours ]. [You can direcly go to Kollur as well,and travel by jeep directly to Kodachadri ]. We got down 12 kms before Kollur ; and this was supposed to be the starting point of our trek. .We had to walk for abt 4 kms along a Jeep track before we reach Santosh Hotel,passing by an eco village to the right and a school ; Quite tired by then ,we ordered Puttu < a difft form of idli > and meals ,along with some delicious butter milk .There ar
Read more