From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Description of problem: The SMB dissector incorrectly considers the Data Length High field in a Write AndX request to be 4 bytes instead of 2. Version-Release number of selected component (if applicable): ethereal-0.10.10-1.FC3.1 How reproducible: Always Steps to Reproduce: 1. Capture SMB traffic that includes an SMB Write AndX Request (e.g., a logon.) 2. Attempt to dissect the packet. 3. Actual Results: All data following the data length high field are reported incorrectly. Expected Results: The fields should be read from their correct offsets within the packet, leading to non-garbage data. Additional info: This bug is caused by ethereal-0.10.6-old.patch in the SRPM. The distribution code is correct and should not be patched.
Thanks for pointing me to this, the patch will get romved. Should I have also a sample capture file so I can see these packets (I don't have SMB filesystem here)
Created attachment 113667 [details] A sample capture with both a Read AndX and Write AndX call.
There's a new ethereal version comming out soon. Will be fixed there.