Matthieu, No problem. When you have a repro for this issue and you are able to capture TTT, we will come back to this issue and finish the investigation.
Thanks! Hongwei -----Original Message----- From: Matthieu Patou [mailto:[email protected]] Sent: Tuesday, November 29, 2011 3:28 AM To: Hongwei Sun Cc: [email protected]; [email protected]; MSSolve Case Email Subject: Re: [REG:111110168569640] RE: double send of command joined from a upstream windows Server On 28/11/2011 22:30, Hongwei Sun wrote: > Matthieu, > > Did you get a chance to do it ? If you are not in the position to do > this, I can archive the case and we can come back to it any time. No I didn't, as the problem not always occurs. I plan to rework quite seriously on FRS soon, so maybe I'll get better chance of reproducing the error. Regards. Matthieu. > Thanks! > > Hongwei > > > -----Original Message----- > From: Hongwei Sun > Sent: Monday, November 21, 2011 1:02 PM > To: '[email protected]' > Cc: [email protected]; [email protected]; MSSolve Case Email > Subject: RE: [REG:111110168569640] RE: double send of command joined > from a upstream windows Server > > Matthieu, > > Could you capture TTT trace on the process "ntfrs.exe" which is the FRS1 > service ? We cannot see how it could happen just based on the trace. > > Thanks! > > Hongwei > > > > -----Original Message----- > From: Matthieu Patou [mailto:[email protected]] > Sent: Friday, October 28, 2011 3:32 PM > To: Hongwei Sun > Cc: [email protected]; [email protected]; MSSolve Case Email > Subject: Re: [REG:111092854890403] RE: double send of command joined > from a upstream windows Server > > Hello Hongwei, > > I made a screencast on a windows machine explaining how to decrypt FRS > traffic, I'm sure that following the instruction in this demo you'll succeed. > > Here is the file: > http://athena.matws.net/mat/pres/frs.avi > > > Regards. > > Matthieu. > On 21/10/2011 23:20, Hongwei Sun wrote: >> Matthieu, >> >> Do you get a chance to capture the screen shot with the FRS1 packets >> displayed ? It will be ideal if I can decrypt myself, but I cannot get a >> version of wireshark to allow me to do that. So the screen shot at least >> show me all the packet sequences so I have something to work with. I may >> need to work with the product team, so I need some information to show them. >> >> Thanks! >> >> Hongwei >> >> -----Original Message----- >> From: Matthieu Patou [mailto:[email protected]] >> Sent: Wednesday, October 19, 2011 6:04 PM >> To: Hongwei Sun >> Cc: [email protected]; [email protected]; MSSolve Case Email >> Subject: Re: [REG:111092854890403] RE: double send of command joined >> from a upstream windows Server >> >> Hi hongwei I'm planning to work on it tomorrow, >> >> the best though would be to catch me tomorrow so that I can show you in a >> live demo. >> >> Matthieu >> On 20/10/2011 00:59, Hongwei Sun wrote: >>> Matthieu, >>> >>> Do you have a chance to send the information I request below? I have >>> a trouble to see the sequence of the packets without decrypting it. If >>> you don't have time to work on it, I can archive it and we can work on it >>> whenever you get time. >>> >>> Thanks! >>> >>> Hongwei >>> >>> >>> -----Original Message----- >>> From: Hongwei Sun >>> Sent: Thursday, October 13, 2011 5:49 PM >>> To: '[email protected]'; '[email protected]'; '[email protected]' >>> Cc: MSSolve Case Email >>> Subject: RE: [REG:111092854890403] RE: double send of command joined >>> from a upstream windows Server >>> >>> Matthieu, >>> >>> Can you send me the screenshot you mentioned in your e-mail ? Even >>> I cannot make the decryption work with the correct version, looking at the >>> screen may help me know the scenario. >>> >>> Thanks! >>> >>> HOngwei >>> >>> -----Original Message----- >>> From: Hongwei Sun >>> Sent: Tuesday, October 11, 2011 5:27 PM >>> To: '[email protected]'; [email protected]; [email protected] >>> Cc: MSSolve Case Email >>> Subject: [REG:111092854890403] RE: double send of command joined >>> from a upstream windows Server >>> >>> Matthieu, >>> >>> I downloaded the wireshark 1.6.2 ,which is the latest version I can >>> download. But I still don't see the option for me to provide the file name >>> for keytab file in krb5 screen. What is the minimum version of Wireshark >>> for me to use with your keytab file for decryption ? I am running >>> Windows 64bit version of Wireshark. >>> >>> Thanks! >>> >>> Hongwei >>> >>> -----Original Message----- >>> From: Matthieu Patou [mailto:[email protected]] >>> Sent: Tuesday, September 27, 2011 10:45 PM >>> To: Hongwei Sun; [email protected]; [email protected]; >>> Interoperability Documentation Help >>> Subject: double send of command joined from a upstream windows >>> Server >>> >>> Hello hongwei, >>> >>> Following our talk concerning the double send of "command_joined" >>> packets from a W2K3R2 server when talking to a samba server. >>> >>> Here is the wireshark capture and the keytab to decrypt it. >>> >>> By getting a recent version of wireshark is needed. You can get nightly >>> build at http://www.wireshark.org/download/automated/win32/ newer than the >>> revision 38976 (which is ~ 2 weeks old). >>> >>> The way to use it is: >>> wireshark -K w2k_2.keytab frs_big_file_samba.pcap. >>> >>> I attached the screenshot of this packets it's packets 319 and 321. >>> >>> Thanks for explaining what's going on, and maybe update the doc. >>> >>> Matthieu. >>> >>> -- >>> Matthieu Patou >>> Samba Team >>> http://samba.org >>> >> -- >> Matthieu Patou >> Samba Team >> http://samba.org >> >> > > -- > Matthieu Patou > Samba Team > http://samba.org > > > -- Matthieu Patou Samba Team http://samba.org _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
