From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Description of problem:
The SMB dissector incorrectly considers the Data Length High field in a Write AndX request to be 4 bytes instead of 2.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Capture SMB traffic that includes an SMB Write AndX Request (e.g., a logon.)
2. Attempt to dissect the packet.
Actual Results: All data following the data length high field are reported incorrectly.
Expected Results: The fields should be read from their correct offsets within the packet, leading to non-garbage data.
This bug is caused by ethereal-0.10.6-old.patch in the SRPM. The distribution code is correct and should not be patched.
Thanks for pointing me to this, the patch will get romved. Should I have also a
sample capture file so I can see these packets (I don't have SMB filesystem here)
Created attachment 113667 [details]
A sample capture with both a Read AndX and Write AndX call.
There's a new ethereal version comming out soon. Will be fixed there.