patches for wireshark dissection

Stefan (metze) Metzmacher metze at samba.org
Sun Jul 12 10:37:50 MDT 2009


Hi Matthieu,

> Please find attached 3 patches for the dissections of packets in wireshark:
> 
> * patch_ldap for defining the maximum size of an encrypted packet (check
> this wireshark bug
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3440)
> * patch_ntlm for dissecting conversations that use NTLM as an encryption
> provider. You'll find it very useful for LDAP, DRSUAPI, Winreg and
> maybe a lot more ...
> * patch_netlogon for a better dissection of netlogon and decryption of
> schannel encrypted conversations
> 
> The first two patches are working quite well (but still I found bugs or
> particularities in the way they are used sometimes), the second is a bit
> younger but should already do the job, dissection of some flags is
> missing but I should do them soon ...
> 
> Any constructive comments are welcome. If you have conv that are broken
> with my patch you can send me a keytab and a capture and tell me at
> which packet it's broken.

I need to revert parts of the patches, to prevent a crash
(in the string handling code...)

http://gitweb.samba.org/?p=metze/wireshark/wip.git;a=commitdiff;h=c9dbf6ad8c7c3320800bf9158b718c6c98a602f5

metze

