From: "Devin Heitmueller" Sent: Saturday, November 09, 2002 6:19 AM Subject: Re: [Ethereal-dev] Support SMBreadX in SAMR calls
> Thanks for your quick response. > > Yes, enabling those flags does help some. Why aren't those on by > default? They require a lot of additional memory to keep state and PDU fragments hanging around between packets. Since they need (potentially) a lot more memory when enabled, they are disabled by default. > > I am still having problems decoding one particular trace which uses the > SAMR function LookupRIDs(). In particular, if "Reassemble DCERPC over > SMB" is disabled, it gets interpreted as a LookupRIDs request. However > if I enabled "Reassemble DCERPC over SMB", the dissector only reports it > as a DCERPC request. Isn't this the exact opposite of what one would > expect. > > It could just be that I'm hitting some sort of exception, because I am > attempting to lookup about 2200 RIDs in one request. The server throws > a DCERPC fault (which is expected), but I would believe the request is > still properly formatted. > > I have a trace, if anyone is interested. Strange. I have myself decoded DCERPC packets spanning 200+ kb successfully, fragmented on all three NBSS, SMB and DCERPC layers. You can send a trace to me (or to the list) and I (or someone else) can look at it. When doing so, please also specify which packet in the capture you think there is a problem with.
