Matthieu,

  Did you get a chance to do it? If you are not in a position to do 
this, I can archive the case and we can come back to it any time.

Thanks!

Hongwei


-----Original Message-----
From: Hongwei Sun 
Sent: Monday, November 21, 2011 1:02 PM
To: 'm...@samba.org'
Cc: p...@tridgell.net; cifs-proto...@samba.org; MSSolve Case Email
Subject: RE: [REG:111110168569640] RE: double send of command joined from a 
upstream windows Server

Matthieu,

   Could you capture a TTT trace on the process "ntfrs.exe", which is the FRS1 
service? We cannot see how it could happen just based on the trace.

Thanks!

Hongwei



-----Original Message-----
From: Matthieu Patou [mailto:m...@samba.org]
Sent: Friday, October 28, 2011 3:32 PM
To: Hongwei Sun
Cc: p...@tridgell.net; cifs-proto...@samba.org; MSSolve Case Email
Subject: Re: [REG:111092854890403] RE: double send of command joined from a 
upstream windows Server

Hello Hongwei,

I made a screencast on a Windows machine explaining how to decrypt FRS traffic; 
I'm sure that by following the instructions in this demo you'll succeed.

Here is the file:
http://athena.matws.net/mat/pres/frs.avi


Regards.

Matthieu.
On 21/10/2011 23:20, Hongwei Sun wrote:
> Matthieu,
>
>    Did you get a chance to capture the screenshot with the FRS1 packets 
> displayed? It would be ideal if I could decrypt it myself, but I cannot get a 
> version of Wireshark that allows me to do that. So the screenshot would at 
> least show me all the packet sequences, so I have something to work with. I may 
> need to work with the product team, so I need some information to show them.
>
> Thanks!
>
> Hongwei
>
> -----Original Message-----
> From: Matthieu Patou [mailto:m...@samba.org]
> Sent: Wednesday, October 19, 2011 6:04 PM
> To: Hongwei Sun
> Cc: p...@tridgell.net; cifs-proto...@samba.org; MSSolve Case Email
> Subject: Re: [REG:111092854890403] RE: double send of command joined 
> from a upstream windows Server
>
> Hi Hongwei, I'm planning to work on it tomorrow.
>
> The best, though, would be to catch me tomorrow so that I can show you in a 
> live demo.
>
> Matthieu
> On 20/10/2011 00:59, Hongwei Sun wrote:
>> Matthieu,
>>
>>     Did you have a chance to send the information I requested below? I have 
>> trouble seeing the sequence of the packets without decrypting it. If you 
>> don't have time to work on it, I can archive it and we can work on it 
>> whenever you get time.
>>
>> Thanks!
>>
>> Hongwei
>>
>>
>> -----Original Message-----
>> From: Hongwei Sun
>> Sent: Thursday, October 13, 2011 5:49 PM
>> To: 'm...@samba.org'; 'p...@tridgell.net'; 'cifs-proto...@samba.org'
>> Cc: MSSolve Case Email
>> Subject: RE: [REG:111092854890403] RE: double send of command joined 
>> from a upstream windows Server
>>
>> Matthieu,
>>
>>      Can you send me the screenshot you mentioned in your e-mail? Even if I 
>> cannot make the decryption work with the correct version, looking at the 
>> screen may help me understand the scenario.
>>
>> Thanks!
>>
>> Hongwei
>>
>> -----Original Message-----
>> From: Hongwei Sun
>> Sent: Tuesday, October 11, 2011 5:27 PM
>> To: 'm...@samba.org'; p...@tridgell.net; cifs-proto...@samba.org
>> Cc: MSSolve Case Email
>> Subject: [REG:111092854890403] RE: double send of command joined from 
>> a upstream windows Server
>>
>> Matthieu,
>>
>>      I downloaded Wireshark 1.6.2, which is the latest version I can 
>> download. But I still don't see the option for me to provide the file name 
>> for the keytab file in the krb5 screen. What is the minimum version of Wireshark 
>> for me to use with your keytab file for decryption? I am running the Windows 
>> 64-bit version of Wireshark.
>>
>> Thanks!
>>
>> Hongwei
>>
>> -----Original Message-----
>> From: Matthieu Patou [mailto:m...@samba.org]
>> Sent: Tuesday, September 27, 2011 10:45 PM
>> To: Hongwei Sun; p...@tridgell.net; cifs-proto...@samba.org; 
>> Interoperability Documentation Help
>> Subject: double send of command joined from a upstream windows Server
>>
>> Hello Hongwei,
>>
>> Following our talk concerning the double send of "command_joined"
>> packets from a W2K3R2 server when talking to a Samba server.
>>
>> Here is the wireshark capture and the keytab to decrypt it.
>>
>> A recent version of Wireshark is needed. You can get a nightly 
>> build at http://www.wireshark.org/download/automated/win32/ newer than 
>> revision 38976 (which is ~2 weeks old).
>>
>> The way to use it is:
>> wireshark -K w2k_2.keytab frs_big_file_samba.pcap
>>
>> I attached the screenshot of these packets; they are packets 319 and 321.
>>
>> Thanks for explaining what's going on, and maybe update the doc.
>>
>> Matthieu.
>>
>> --
>> Matthieu Patou
>> Samba Team
>> http://samba.org
>>
>
> --
> Matthieu Patou
> Samba Team
> http://samba.org
>
>


--
Matthieu Patou
Samba Team
http://samba.org


