Hi, It seems that the 'response' from your device is not correct. The 'Request/Response' of 'Flags' is alwasy '0' in SMB headers (which means an SMB request). For example, packet 5 is a Negotiate Request from 10.255.10.4.103 to 10.255.105.150, however packet 8 is also a Negotiate Request in the reversed direction.
It seems to me that packet 8 should be a response, therefore the 'Request/Response' bit of 'Flags' should be '1'. BTW, I use version 1.0.4 (revision 26501) to view the traffic and found no 'continuation data'. A difference behavior between these two versions? On Wed, Dec 24, 2008 at 2:51 AM, Mahendran <[email protected]> wrote: > Hi, > > I am using Wire Shark 1.0.5. > > I am trying to capture the SMB packets using Wire Shark. It parses the SMB > Request correctly but unable to parse the SBM Response that is sent from our > device. The content are shown under "Continuation Data". If it parses > properly that will help me in analyzing the packets. Could you please help > me? > > I have attached the capture for your analysis. Look at the packet no 47, 51 > and 55. > > Best Regards, > Mahendran > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
