Ethereal-dev: Re: [Ethereal-dev] NTLMSSP decode in sessionsetup and X etc ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 26 Aug 2002 01:57:52 -0700
On Mon, Aug 26, 2002 at 03:42:00PM +0930, Richard Sharpe wrote:
> I am pretty close to having NTLMSSP and SPNEGO fixed to dissect things 
> properly.

Presumably this includes making the handling of GSS-API stuff using
SPNEGO stateful, so that the security blob on packets *after* the first
Session Setup andX doesn't get dissected as a GSS-API token, but gets
dissected as, I suspect, an RFC 2478 NegotiationToken?

Note that if this is the generic GSS-API token dissector stuff, that is
also used by the ONC RPC dissector, as well as both the SMB and the DCE
RPC dissector, and I have some changes to the LDAP dissector that I'll
be checking in to make it use that dissector as well; if you're making
the handling stateful, that mechanism should also be made usable by
non-SMB and non-DCE RPC dissectors.

Presumably this also includes making NTLMSSP handling stateful, as I
think Devin Heitmueller said that the dissection of the NTLMSSP blob in
NTLMSSP_AUTH may depend on the flags from earlier NTLMSSP_NEGOTIATE or
NTLMSSP_CHALLENGE packets.  The NTLMSSP blob dissector is also used
outside the DCE RPC code, in the HTTP dissector.