Matthieu, Do you get a chance to capture the screen shot with the FRS1 packets displayed ? It will be ideal if I can decrypt myself, but I cannot get a version of wireshark to allow me to do that. So the screen shot at least show me all the packet sequences so I have something to work with. I may need to work with the product team, so I need some information to show them.
Thanks! Hongwei -----Original Message----- From: Matthieu Patou [mailto:m...@samba.org] Sent: Wednesday, October 19, 2011 6:04 PM To: Hongwei Sun Cc: p...@tridgell.net; cifs-proto...@samba.org; MSSolve Case Email Subject: Re: [REG:111092854890403] RE: double send of command joined from a upstream windows Server Hi hongwei I'm planning to work on it tomorrow, the best though would be to catch me tomorrow so that I can show you in a live demo. Matthieu On 20/10/2011 00:59, Hongwei Sun wrote: > Matthieu, > > Do you have a chance to send the information I request below? I have a > trouble to see the sequence of the packets without decrypting it. If you > don't have time to work on it, I can archive it and we can work on it > whenever you get time. > > Thanks! > > Hongwei > > > -----Original Message----- > From: Hongwei Sun > Sent: Thursday, October 13, 2011 5:49 PM > To: 'm...@samba.org'; 'p...@tridgell.net'; 'cifs-proto...@samba.org' > Cc: MSSolve Case Email > Subject: RE: [REG:111092854890403] RE: double send of command joined > from a upstream windows Server > > Matthieu, > > Can you send me the screenshot you mentioned in your e-mail ? Even I > cannot make the decryption work with the correct version, looking at the > screen may help me know the scenario. > > Thanks! > > HOngwei > > -----Original Message----- > From: Hongwei Sun > Sent: Tuesday, October 11, 2011 5:27 PM > To: 'm...@samba.org'; p...@tridgell.net; cifs-proto...@samba.org > Cc: MSSolve Case Email > Subject: [REG:111092854890403] RE: double send of command joined from > a upstream windows Server > > Matthieu, > > I downloaded the wireshark 1.6.2 ,which is the latest version I can > download. But I still don't see the option for me to provide the file name > for keytab file in krb5 screen. What is the minimum version of Wireshark > for me to use with your keytab file for decryption ? I am running Windows > 64bit version of Wireshark. > > Thanks! > > Hongwei > > -----Original Message----- > From: Matthieu Patou [mailto:m...@samba.org] > Sent: Tuesday, September 27, 2011 10:45 PM > To: Hongwei Sun; p...@tridgell.net; cifs-proto...@samba.org; > Interoperability Documentation Help > Subject: double send of command joined from a upstream windows Server > > Hello hongwei, > > Following our talk concerning the double send of "command_joined" > packets from a W2K3R2 server when talking to a samba server. > > Here is the wireshark capture and the keytab to decrypt it. > > By getting a recent version of wireshark is needed. You can get nightly build > at http://www.wireshark.org/download/automated/win32/ newer than the revision > 38976 (which is ~ 2 weeks old). > > The way to use it is: > wireshark -K w2k_2.keytab frs_big_file_samba.pcap. > > I attached the screenshot of this packets it's packets 319 and 321. > > Thanks for explaining what's going on, and maybe update the doc. > > Matthieu. > > -- > Matthieu Patou > Samba Team > http://samba.org > -- Matthieu Patou Samba Team http://samba.org _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
