Comments on Taddong: Capturing SMB Files with Wireshark

Our functionality is included in the development v...

2010-08-02T11:20:15.506+02:00

Our functionality is included in the development version of Wireshark from revision 33229 on. Compilation has been tested by wireshark team, including windows compilation.
It is not included in an stable version of Wireshark yet, so no precompiled windows version of wireshark that includes the export-object-smb functionality is available to download from wireshark home page yet.

At the moment, you can have this functionality for windows environments, by building wireshark in windows from source code.

Andy, thank you very much for your comment. Most...

2010-08-02T11:09:52.291+02:00

Andy,

thank you very much for your comment.

Most past and current SMB implementations don't support traffic encryption by themselves. As an alternative (if that is your case), you could use another layer to protect privacy of SMB messages:
- You can use a network layer protection, such IPSec
- You can also use SSL or TLS at transport layer to transport SMB protocol messages
- Or you could use an application that encrypts the traffic on a file before sending it over the network

Depending on the environment, you should evaluate the best available option. One obvious thing to take care of is that the option you choose must be available for implementation at the client and the server side.

Regards,

Jose

The plug-in is very cool, I compiled wireshark wit...

2010-07-09T05:06:02.027+02:00

The plug-in is very cool, I compiled wireshark with eo_smb_cb in BT4, and was able to capture the transfer files. it is really amazing. you guys are so great!
Just one question: how can we fix this vulnerability? thanks,

Andy

Is it included in the windows version as well?

2010-07-07T18:46:21.010+02:00

Is it included in the windows version as well?

Additional note: the compilation for Windows have ...

2010-06-17T00:28:09.585+02:00

Additional note: the compilation for Windows have also been verified and fixed by Wireshark team.

The SMB export object functionality has been inclu...

2010-06-16T23:04:09.247+02:00

The SMB export object functionality has been included in Wireshark development trunk, so there is no need to apply the patch anymore.
That means that if you download and compile in linux the latest Wireshark svn trunk you will have the SMB plugin included in it.

Hi Ceres, the last version of the patch has been ...

2010-06-14T20:09:22.019+02:00

Hi Ceres,

the last version of the patch has been compiled against version 1.5.0 (SVN Rev 33208 from /trunk) of Wireshark.

The process of including this functionality in an stable version of Wireshark is in progress. You may follow this process through wireshark bug database bug id 4451: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4451

There you will find the history of updates of this patch and from now on, we will also be including the revision number that we use to compile the patch.

Regards,

Jose

I cannot compile wireshark with eo_smb_cb My wire...

2010-06-11T16:09:31.724+02:00

I cannot compile wireshark with eo_smb_cb

My wireshark is wireshark-1.4.0rc1

Linux is Mandriva 2008.1 with custom openssl and zlib

I have en error

gtk/libui.a(menus.o):(.data+0x14b8): undefined reference to `eo_smb_cb'
collect2: ld returned 1 exit status
gmake[2]: *** [wireshark] Error 1
gmake[2]: *** Waiting for unfinished jobs....

Many thanks

ceres