author | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-03-16 04:39:29 +0000 |
---|---|---|
committer | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-03-16 04:39:29 +0000 |
commit | 58dbf31a5f0cceff90e4c22958d0a34befe2eaab (patch) | |
tree | afddbd9bdbbdfd3178e993f64e8940f07c7f0000 /packet-smb-pipe.h | |
parent | 8a7d190ee0a8ea8ca2cbcbcfd20df05f1700154d (diff) |
A new type of DCERPC over SMB transport.
I have captures with w2k speaking DCERPC without using the normal
Transaction named pipes SMBs.
Instead DCERPC is just implemented on top of ordinary read/write calls.
The smb dissector now examines TreeConnectAndX and stores the conversation/tid/type-of-share in a table for later access.
All SMB requests examine that hash table to find out if TID in the header refers
to a normal share or an IPC$ share.
Initial support in read/write SMB calls to detect if the operations are for an
IPC share and thus it assumes it must be DCERPC commands in the payload.
Desegmentation/Reassembly of these types of calls are not implemented yet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4952 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-smb-pipe.h')
-rw-r--r-- | packet-smb-pipe.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/packet-smb-pipe.h b/packet-smb-pipe.h index 7084a5d7da..6f86f91c7e 100644 --- a/packet-smb-pipe.h +++ b/packet-smb-pipe.h @@ -2,7 +2,7 @@ * Declarations of routines for SMB named pipe packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb-pipe.h,v 1.9 2001/11/19 11:41:51 guy Exp $ + * $Id: packet-smb-pipe.h,v 1.10 2002/03/16 04:39:28 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -30,5 +30,8 @@ extern gboolean dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb, const char *pipe, packet_info *pinfo, proto_tree *tree); +gboolean +dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree, + proto_tree *tree, guint32 fid); #endif |
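Review bot: the new `dissect_pipe_dcerpc` prototype in the second hunk (@@ -30,5 +30,8 @@) is undocumented and is declared differently from its neighbour. The `dissect_pipe_smb` declaration directly above it is written `extern gboolean dissect_pipe_smb(...)`, while the added one is a bare `gboolean` on its own line. Please add `extern` for consistency within this header, and add a short comment stating what the `gboolean` return value signals to the caller (payload recognised and dissected, or not), how `parent_tree` differs from `tree`, and what `fid` identifies and why it is a `guint32`. Since the commit message says the read/write paths assume the payload on an IPC share is DCERPC, the caller needs to know from the header alone whether a FALSE return means it should fall back to showing the bytes as ordinary file data.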