Wireshark mailing list archives
Subject: The field called Command Sequence Number in the SMB2 dissector is actually the Message ID
From: "Turney, Cal" <cal.turney () emc com>
Date: Wed, 31 Jul 2013 10:53:17 -0400
Hi Richard,
That confusion has probably caused one of the WAN Accelerator companies to break SMB2 Signing by mishandling that field. Not sure which one it is, since the customer hasn't told me whose WAN Accelerator they use. (Hint, it is possible for those numbers to be out of order in a TCP stream.)
I agree with changing the label to "SMB2 Message ID" but unless the WAN Accelerator uses Wireshark to decode SMB2 traffic which seems very unlikely, I don't think the old label would make any difference. Even if it does use Wireshark, it would probably use the 'smb2.seq_num' filter rather than dumping the frame or capture to a text file and searching for "SMB2 Message ID". The latter operation would defeat the purpose of the device because throughput would be greatly reduced. Cheers, Cal
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Subject: The field called Command Sequence Number in the SMB2 dissector is actually the Message ID Turney, Cal (Aug 01)