Ethereal-dev: Re: [Ethereal-dev] Patch for NTLMSSP support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Devin Heitmueller <dheitmueller@xxxxxxxxxxx>
Date: 10 Jul 2002 11:10:00 -0400
Hello Guy,

In packet-dcerpc.c (line 1349), we send three different request types to
the packet-ntlmssp dissector: DCERPC Bind DCERPC Bind Ack and DCERPC
AUTH3.  For the AUTH3 message, we dissect the ntlmssp constant and the
message type, but we do not dissect further, as we do with the negotiate
and request message types.

If someone wanted to add support for the AUTH3 message, he/she would add
a function called dissect_ntlmssp_auth() to the if statement on line 392
of packet-ntlmssp.c.

I have a valid trace that does the Auth3, and I think I have found the
appropriate references in Samba and TNG relating to the structure of the
packet.  I just have not yet had the time to write the Auth3 dissector
code.

Devin

On Tue, 2002-07-09 at 18:28, Guy Harris wrote:
> On Tue, Jul 09, 2002 at 01:12:43AM -0400, dheitmueller wrote:
> > the DCE/RPC AUTH3 request recognizes
> > that NTLMSSP is in use, but does not yet dissect it.
> 
> "It" meaing the AUTH3 request, or "it" meaning the NTLMSSP stuff?  There
> doesn't seem to be any code yet to dissect an AUTH3 PDU.
-- 
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc