Bugtraq mailing list archives

Re: Microsoft's Network Monitor - Buffer Overrun / Page Fault / V


From: Oliver_Friedrichs () NAI COM (Friedrichs, Oliver)
Date: Tue, 15 Dec 1998 14:51:09 -0800


There is a problem with both the SMS version of Network Monitor
and the version on the NT Server 4 CD-ROM whereby, if it "sniffs"
a NetBIOS session request from a machine where the NetBIOS Scope
ID is 190 or more characters, when the capture is stopped and the
results are viewed, the Network Monitor process (netmon.exe)
experiences a memory problem.

I found this a while ago as well.  The same type of overflow also
occurs virtually anytime it decodes a NetBIOS name larger than
15 characters.

What scares me more are network-based ID systems which may
do something similar when decoding packets.

- Oliver
  Network Associates, Inc.
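
Added example, not part of the original post and not Network Monitor's code: a packet decoder avoids this class of overflow by checking every length in the NetBIOS name field against both the captured data and the destination buffer. The sketch below follows the RFC 1001/1002 name layout (a 32-byte first-level-encoded name followed by scope labels); the function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define NB_NAME_LEN  16   /* decoded name: 15 characters + 1 suffix byte */
#define NB_MAX_LABEL 63   /* longest single label (RFC 1002) */
#define NB_MAX_WIRE  255  /* longest encoded name, terminator included */

/* Decode one first-level-encoded NetBIOS name plus scope labels from
 * pkt[0..len). Writes NB_NAME_LEN bytes to name and a NUL-terminated,
 * possibly truncated dotted scope ID to scope. Returns wire bytes consumed,
 * or -1 if the field is malformed or runs past the captured data. */
int nb_decode_name(const uint8_t *pkt, size_t len,
                   uint8_t name[NB_NAME_LEN], char *scope, size_t scope_cap)
{
    size_t pos = 1, out = 0;

    if (scope_cap == 0 || len < 2 * NB_NAME_LEN + 2 || pkt[0] != 2 * NB_NAME_LEN)
        return -1;                        /* first label must be exactly 32 */
    for (size_t i = 0; i < NB_NAME_LEN; i++, pos += 2) {
        unsigned hi = pkt[pos] - 'A', lo = pkt[pos + 1] - 'A';
        if (hi > 15 || lo > 15)           /* each encoded byte is 'A'..'P' */
            return -1;
        name[i] = (uint8_t)((hi << 4) | lo);
    }
    for (;;) {                            /* scope labels end at a zero length */
        if (pos >= len || pos >= NB_MAX_WIRE)
            return -1;
        size_t n = pkt[pos++];
        if (n == 0)
            break;
        if (n > NB_MAX_LABEL || n > len - pos)  /* rejects pointers, short data */
            return -1;
        if (out != 0 && out + 1 < scope_cap)
            scope[out++] = '.';
        for (size_t i = 0; i < n && out + 1 < scope_cap; i++)
            scope[out++] = (char)pkt[pos + i];  /* truncate, never overrun */
        pos += n;
    }
    scope[out] = '\0';
    return (int)pos;
}
```

A 190-character scope ID arrives as labels of 63, 63 and 62 bytes; the decoder accepts it, and a caller with a short display buffer gets a truncated string instead of an overrun.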


