patches for wireshark dissection

Matthieu Patou mat+Informatique.Samba at
Sat Jul 11 01:49:19 MDT 2009

Dear all,

Please find attached 3 patches for the dissection of packets in wireshark:

* patch_ldap for defining the maximum size of an encrypted packet (check 
this wireshark bug
* patch_ntlm for dissecting conversations that use NTLM as an encryption 
provider. You'll find it very useful for LDAP, DRSUAPI, Winreg and 
maybe a lot more ...
* patch_netlogon for a better dissection of netlogon and decryption of 
schannel encrypted conversations

The first two patches are working quite well (but I still found bugs or 
particularities in the way they are used sometimes), the second is a bit 
younger but should already do the job; dissection of some flags is 
missing but I should do them soon ...

Any constructive comments are welcome. If you have conv that are broken 
with my patch you can send me a keytab and a capture and tell me at 
which packet it's broken.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: patches_wireshark.tgz
Type: application/x-compressed-tar
Size: 38190 bytes
Desc: not available