During that first expedition into SMB territory we continually deferred, among other things, studying the finer details of the SMB header. We were trying to cover the general concepts, but now we need to dig into the guts of SMB to see how things really work. Latex gloves and lab coats required. Let's start by revisiting the header layout. Just for review, here's what it looks like:
The first four bytes are constant, so we won't worry about those. The COMMAND field is fairly straightforward too; it's just a one-byte field containing an SMB command code. The list of available codes is given in Section 5.1 of the SNIA doc. The rest of the header is where the fun lies...
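A defensive parse of the header described above, as an added example that is not code from the original text: it checks the length and the constant four-byte prefix before trusting the COMMAND byte. The struct, the function names and the field offsets past COMMAND are assumptions based on the standard 32-byte SMB1 header, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMB_HDR_LEN 32   /* fixed SMB1 header size; assumed, the layout figure is not on this page */

/* Hypothetical struct for this example; field names are illustrative. */
typedef struct {
    uint8_t  command;
    uint32_t status;
    uint8_t  flags;
    uint16_t flags2, tid, pid, uid, mid;
} smb_hdr;

/* SMB header fields are little-endian and unaligned: assemble them bytewise. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return (uint32_t)le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Returns 0 on success, -1 on a short or NULL buffer, -2 on a bad prefix. */
int smb_parse_header(const uint8_t *buf, size_t len, smb_hdr *out)
{
    static const uint8_t magic[4] = { 0xFF, 'S', 'M', 'B' };
    if (buf == NULL || out == NULL || len < SMB_HDR_LEN) return -1;
    if (memcmp(buf, magic, sizeof magic) != 0) return -2;
    out->command = buf[4];
    out->status  = le32(buf + 5);
    out->flags   = buf[9];
    out->flags2  = le16(buf + 10);
    /* offsets 12..23 (12 bytes) are skipped in this example */
    out->tid = le16(buf + 24);
    out->pid = le16(buf + 26);
    out->uid = le16(buf + 28);
    out->mid = le16(buf + 30);
    return 0;
}

/* Constructed sample header (command 0x72, SMB_COM_NEGOTIATE); not captured traffic. */
static const uint8_t smb_sample[SMB_HDR_LEN] = {
    0xFF, 'S', 'M', 'B', 0x72, 0, 0, 0, 0, 0x18, 0x01, 0x28,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x00, 0x00, 0x34, 0x12, 0x00, 0x00, 0x01, 0x00
};

int main(void)
{
    smb_hdr h;
    return smb_parse_header(smb_sample, sizeof smb_sample, &h);
}
```

Rejecting a buffer on the length and prefix checks first means no later field is read from a message that is truncated or is not SMB at all.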