From 17392c995b3584143c4cbc389c2bae09dc4cc968 Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Sat, 16 Mar 2002 04:39:29 +0000 Subject: A new type of DCERPC over SMB transport. I have captures with w2k speaking DCERPC without using the normal Transaction named pipes SMBs. Instead DCERPC is just implemented ontop of ordinary read/write calls. The smb dissector now examines TreeConnectAndX and stores the conversation/tid/type-of-share in a table for later access. All SMB requests examine that hash table to find out if TID in the header refers to a normal share or an IPC$ share. Initial support in read/write SMB calls to detect if the operations are for an IPC share and thus it assumes it must be DCERPC commands in the payload. Desegmentation/Reassembly of these types of calls are not implemented yet. svn path=/trunk/; revision=4952 --- packet-smb-pipe.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'packet-smb-pipe.c') diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c index 7a3fad7d54..ed88de56be 100644 --- a/packet-smb-pipe.c +++ b/packet-smb-pipe.c @@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and * Guy Harris 2001 * - * $Id: packet-smb-pipe.c,v 1.70 2002/03/15 08:59:52 sahlberg Exp $ + * $Id: packet-smb-pipe.c,v 1.71 2002/03/16 04:39:28 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -3157,7 +3157,7 @@ proto_register_pipe_lanman(void) static heur_dissector_list_t smb_transact_heur_subdissector_list; -static gboolean +gboolean dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree, proto_tree *tree, guint32 fid) { -- cgit v1.2.3
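Review bot: removing `static` from dissect_pipe_dcerpc() in the second hunk (@@ -3157,7 +3157,7 @@) gives the function external linkage, but no prototype for it is visible here, since this view is limited to packet-smb-pipe.c. Please confirm that `gboolean dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree, proto_tree *tree, guint32 fid);` is declared in the header that the new read/write callers include, so a signature mismatch is caught at compile time instead of going through an implicit declaration. The commit message says desegmentation/reassembly is not implemented for these calls, so a short comment above the function noting that callers outside the Transaction path may hand it a partial DCERPC PDU in d_tvb would document the new contract for an exported dissector entry point.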