On Thu, May 29, 2003 at 01:20:40PM -0400, Jia-Ying Lu wrote:
> Has anyone gotten Ethereal to display captured CIFS traffic?
Yes.
> I seem to only see TCP packets that are not decoded further to reveal
> the CIFS data content. Is decoding CIFS not supported even though
> SMB is?
If by "CIFS" and "SMB" you mean:
CIFS: TCP traffic to port 445, with packets beginning with a
32-bit header with 8 bits of zero and a 24-bit length field, as
per Appendix B of the SNIA CIFS spec;
SMB: TCP traffic to port 139, with packets beginning with a
32-bit header with an 8-bit type field, an 8-bit flags field,
and a 16-bit length field, with a type field value of 0 being a
"session message", which could be an SMB request or response;
then both of them are supported.
However, if the traffic isn't going to port 139 or 445, it won't be
recognized as CIFS or SMB.
