patchs for wireshark dissection

Stefan (metze) Metzmacher metze at
Sun Jul 12 10:37:50 MDT 2009

Hi Matthieu,

> Please find attached 3 patchs for the dissections of packets in wireshark:
> * patch_ldap for defining the maximum size of an encrypted packet (check
> this wireshark bug
> * patch_ntlm for dissecting conversation that use NTLM as an encryption
> provider. You'll find it very usefull for LDAP, DRUSAPI, Winreg and
> maybe a lot more ...
> * patch_netlogon for a better dissection of netlogon and decryption of
> schannel encrypted conversation
> The first two patchs are working quite well (but still I found bugs or
> particularities in the way they are used sometimes), the second is a bit
> more younger but should already do the job, dissection of some flags are
> missing but I should do them soon  ...
> Any constructive comments are welcomed. If you have conv that are broken
> with my patch you can send me a keytab and a capture and an tell me at
> which packet it's broken.

I need to revert parts of the patches, to prevent a crash
(in the string handling code...);a=commitdiff;h=c9dbf6ad8c7c3320800bf9158b718c6c98a602f5


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url :

More information about the samba-technical mailing list