patchs for wireshark dissection
Matthieu Patou
mat+Informatique.Samba at matws.net
Sat Jul 11 01:49:19 MDT 2009
Dear all,
Please find attached 3 patchs for the dissections of packets in wireshark:
* patch_ldap for defining the maximum size of an encrypted packet (check
this wireshark bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3440)
* patch_ntlm for dissecting conversation that use NTLM as an encryption
provider. You'll find it very usefull for LDAP, DRUSAPI, Winreg and
maybe a lot more ...
* patch_netlogon for a better dissection of netlogon and decryption of
schannel encrypted conversation
The first two patchs are working quite well (but still I found bugs or
particularities in the way they are used sometimes), the second is a bit
more younger but should already do the job, dissection of some flags are
missing but I should do them soon ...
Any constructive comments are welcomed. If you have conv that are broken
with my patch you can send me a keytab and a capture and an tell me at
which packet it's broken.
Matthieu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patches_wireshark.tgz
Type: application/x-compressed-tar
Size: 38190 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090711/4b39c18f/patches_wireshark.bin
More information about the samba-technical
mailing list