Improved SPNEGO dissector available in Wireshark soon

Richard Sharpe realrichardsharpe at
Thu Jun 5 07:38:02 MDT 2014

On Wed, Jun 4, 2014 at 10:06 PM, Matthieu Patou <mat at> wrote:
> On 05/31/2014 12:33 PM, Richard Sharpe wrote:
>> Hi folks,
>> I fixed the SPNEGO dissector at long last and the fixes have been
>> merged into the Wireshark git repository.
>> They are two fold:
>> 1. It now correctly handles the negHints field that MS added to a
>> negTokenInit coming from a server in a NegotiateProtocol response.
>> 2. It also correctly handles the mechListMIC now so that we don't
>> double dissect it in some cases.
>> These changes should turn up in a version of Wireshark in the near future.
>> Thanks to Simo for providing a capture that showed the second problem.
> Is it pidl generated ?

No, but it is (partially) generated from the ASN.1 definition. There
is still a lot of code annotation that is needed ... (and in a weird

Have a look in wireshark-src/asn1/spnego/spnego.cnf

Richard Sharpe

More information about the samba-technical mailing list