Post Thu Nov 12, 2009 10:01 am

help in understanding SMB traffic

When studying a dump of network traffic produced by NetBIOS, I know we have to use the mangle algorithm to extract the NetBIOS name, and I know we have to subtract 0x41 from each letter. My question is why, and is it a constant hexadecimal value if we want to analyze other dumps of SMB traffic?

I'm a novice at this. I hope I made sense?
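
An added example, not part of the original post: a decoder and encoder for the NetBIOS "first-level encoding" defined in RFC 1001 (section 14.1), where each byte of the 16-byte name is split into two 4-bit halves and ASCII 'A' (0x41) is added to each half. The function names are hypothetical and the sample names are constructed (FRED is the RFC's own illustration).

```python
# NetBIOS first-level encoding (RFC 1001, section 14.1).
# A 16-byte name (15 characters plus a 1-byte suffix) becomes 32 letters 'A'..'P':
# every byte is split into a high and a low nibble and 0x41 ('A') is added to each.
BASE = 0x41  # fixed by the encoding itself, so it is the same in every capture


def decode_netbios_name(encoded: bytes):
    """Return (name, suffix) for the 32 encoded bytes of a NetBIOS name.

    On the wire these 32 bytes follow a length byte (0x20) and are followed
    by a scope or a terminating 0x00; pass only the 32 letters here.
    """
    if len(encoded) != 32:
        raise ValueError("expected 32 encoded bytes, got %d" % len(encoded))
    raw = bytearray()
    for i in range(0, 32, 2):
        hi = encoded[i] - BASE      # high nibble of the original byte
        lo = encoded[i + 1] - BASE  # low nibble of the original byte
        if not (0 <= hi <= 0x0F and 0 <= lo <= 0x0F):
            raise ValueError("byte pair at offset %d is outside 'A'..'P'" % i)
        raw.append((hi << 4) | lo)
    suffix = raw[15]  # 16th byte: name type / service suffix
    name = raw[:15].decode("ascii", errors="replace").rstrip(" \x00")
    return name, suffix


def encode_netbios_name(name: str, suffix: int = 0x20) -> bytes:
    """Inverse operation: pad to 15 bytes with spaces, append suffix, encode."""
    padded = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    out = bytearray()
    for b in padded:
        out.append((b >> 4) + BASE)
        out.append((b & 0x0F) + BASE)
    return bytes(out)


if __name__ == "__main__":
    # Constructed samples: "FRED" padded with spaces, and the wildcard name "*"
    # padded with NUL bytes as used in node status queries.
    for sample in (b"EGFCEFEE" + b"CA" * 12, b"CK" + b"A" * 30):
        name, suffix = decode_netbios_name(sample)
        print("%s -> name=%r suffix=0x%02X" % (sample.decode(), name, suffix))
```
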