Matthieu,

  Did you have a chance to send the information I requested below? I am 
having trouble seeing the sequence of the packets without decrypting it. If you 
don't have time to work on it, I can archive it and we can work on it whenever 
you get time.

Thanks!

Hongwei
 

-----Original Message-----
From: Hongwei Sun 
Sent: Thursday, October 13, 2011 5:49 PM
To: 'm...@samba.org'; 'p...@tridgell.net'; 'cifs-proto...@samba.org'
Cc: MSSolve Case Email
Subject: RE: [REG:111092854890403] RE: double send of command joined from a 
upstream windows Server

Matthieu,

   Can you send me the screenshot you mentioned in your e-mail? Even if I 
cannot make the decryption work with the correct version, looking at the screen 
may help me know the scenario.

Thanks!

Hongwei

-----Original Message-----
From: Hongwei Sun 
Sent: Tuesday, October 11, 2011 5:27 PM
To: 'm...@samba.org'; p...@tridgell.net; cifs-proto...@samba.org
Cc: MSSolve Case Email
Subject: [REG:111092854890403] RE: double send of command joined from a 
upstream windows Server

Matthieu,

   I downloaded Wireshark 1.6.2, which is the latest version I can 
download. But I still don't see the option for me to provide the file name for 
the keytab file in the krb5 screen. What is the minimum version of Wireshark for 
me to use with your keytab file for decryption? I am running the Windows 64-bit 
version of Wireshark.

Thanks!

Hongwei

-----Original Message-----
From: Matthieu Patou [mailto:m...@samba.org] 
Sent: Tuesday, September 27, 2011 10:45 PM
To: Hongwei Sun; p...@tridgell.net; cifs-proto...@samba.org; Interoperability 
Documentation Help
Subject: double send of command joined from a upstream windows Server

Hello Hongwei,

Following our talk concerning the double send of "command_joined" 
packets from a W2K3R2 server when talking to a samba server.

Here is the wireshark capture and the keytab to decrypt it.

A recent version of wireshark is needed. You can get a nightly build 
at http://www.wireshark.org/download/automated/win32/ newer than revision 
38976 (which is ~2 weeks old).

The way to use it is:
wireshark -K w2k_2.keytab frs_big_file_samba.pcap.

I attached the screenshot of these packets; they are packets 319 and 321.

Thanks for explaining what's going on, and maybe update the doc.

Matthieu.

--
Matthieu Patou
Samba Team
http://samba.org

_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
