On 28/11/2011 22:30, Hongwei Sun wrote:
Matthieu,
Did you get a chance to do it? If you are not in a position to do
this, I can archive the case and we can come back to it any time.
No, I didn't, as the problem does not always occur. I plan to rework FRS
quite seriously soon, so maybe I'll get a better chance of reproducing
the error.
Regards.
Matthieu.
Thanks!
Hongwei
-----Original Message-----
From: Hongwei Sun
Sent: Monday, November 21, 2011 1:02 PM
To: '[email protected]'
Cc: [email protected]; [email protected]; MSSolve Case Email
Subject: RE: [REG:111110168569640] RE: double send of command joined from a
upstream windows Server
Matthieu,
Could you capture a TTT trace on the process "ntfrs.exe", which is the FRS1
service? We cannot see how it could happen just based on the trace.
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:[email protected]]
Sent: Friday, October 28, 2011 3:32 PM
To: Hongwei Sun
Cc: [email protected]; [email protected]; MSSolve Case Email
Subject: Re: [REG:111092854890403] RE: double send of command joined from a
upstream windows Server
Hello Hongwei,
I made a screencast on a Windows machine explaining how to decrypt FRS traffic.
I'm sure that by following the instructions in this demo you'll succeed.
Here is the file:
http://athena.matws.net/mat/pres/frs.avi
Regards.
Matthieu.
On 21/10/2011 23:20, Hongwei Sun wrote:
Matthieu,
Did you get a chance to capture the screenshot with the FRS1 packets
displayed? It would be ideal if I could decrypt it myself, but I cannot get a
version of Wireshark that allows me to do that. So the screenshot at least shows
me all the packet sequences, so I have something to work with. I may need to
work with the product team, so I need some information to show them.
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:[email protected]]
Sent: Wednesday, October 19, 2011 6:04 PM
To: Hongwei Sun
Cc: [email protected]; [email protected]; MSSolve Case Email
Subject: Re: [REG:111092854890403] RE: double send of command joined
from a upstream windows Server
Hi Hongwei, I'm planning to work on it tomorrow.
The best, though, would be to catch me tomorrow so that I can show you in a live
demo.
Matthieu
On 20/10/2011 00:59, Hongwei Sun wrote:
Matthieu,
Do you have a chance to send the information I requested below? I have
trouble seeing the sequence of the packets without decrypting it. If you
don't have time to work on it, I can archive it and we can work on it whenever
you get time.
Thanks!
Hongwei
-----Original Message-----
From: Hongwei Sun
Sent: Thursday, October 13, 2011 5:49 PM
To: '[email protected]'; '[email protected]'; '[email protected]'
Cc: MSSolve Case Email
Subject: RE: [REG:111092854890403] RE: double send of command joined
from a upstream windows Server
Matthieu,
Can you send me the screenshot you mentioned in your e-mail? Even if I
cannot make the decryption work with the correct version, looking at the screen
may help me know the scenario.
Thanks!
Hongwei
-----Original Message-----
From: Hongwei Sun
Sent: Tuesday, October 11, 2011 5:27 PM
To: '[email protected]'; [email protected]; [email protected]
Cc: MSSolve Case Email
Subject: [REG:111092854890403] RE: double send of command joined from
a upstream windows Server
Matthieu,
I downloaded Wireshark 1.6.2, which is the latest version I can
download. But I still don't see the option for me to provide the file name for
the keytab file in the krb5 screen. What is the minimum version of Wireshark for me
to use with your keytab file for decryption? I am running the Windows 64-bit
version of Wireshark.
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:[email protected]]
Sent: Tuesday, September 27, 2011 10:45 PM
To: Hongwei Sun; [email protected]; [email protected];
Interoperability Documentation Help
Subject: double send of command joined from a upstream windows Server
Hello Hongwei,
Following our talk concerning the double send of "command_joined"
packets from a W2K3R2 server when talking to a Samba server,
here is the Wireshark capture and the keytab to decrypt it.
A recent version of Wireshark is needed. You can get a nightly build
at http://www.wireshark.org/download/automated/win32/ newer than revision
38976 (which is ~ 2 weeks old).
The way to use it is:
    wireshark -K w2k_2.keytab frs_big_file_samba.pcap
I attached the screenshot of these packets; they are packets 319 and 321.
Thanks for explaining what's going on, and maybe update the doc.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol