Ethereal-dev: Re: [Ethereal-dev] packet-dns.c patch - GSSAPI in TKEY can also be NTLMSSP data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 21 Nov 2004 13:27:22 -0800
Yaniv Kaul wrote:
> Using the proven method of verifying NTLMSSP is used instead of GSSAPI (compare the start of the buffer to 'NTLMSSP'...), TKEY records with NTLM, not GSSAPI, are now properly dissected.

Is this all another embrace and extension from Microsoft, or, in all these protocols, is there some form of negotiation, either out-of-band, in earlier packets, or by prior agreement between the principals - and thus possibly impossible for Ethereal to know about - so that we have to do that heuristic check to figure out whether it's NTLMSSP or GSSAPI?

Should we have a "maybe NTLMSSP, maybe GSSAPI" routine that does that check, and use it in the places where we do that check (DNS, HTTP, SMB)?

> Attached svn diff.

Checked in.
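The shared "maybe NTLMSSP, maybe GSSAPI" check discussed in this message could look like the following. This is an added example, not part of the original message and not Ethereal's code; the names `classify_blob` and `ntlmssp_msg_type` are hypothetical, the sample buffers are constructed, and the GSS-API tag check goes beyond the signature comparison the message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not Ethereal's API. */
typedef enum { BLOB_UNKNOWN, BLOB_NTLMSSP, BLOB_GSSAPI } blob_kind;

/* NTLMSSP messages begin with this 8-byte signature, NUL included. */
static const uint8_t NTLMSSP_SIG[8] = { 'N','T','L','M','S','S','P','\0' };

/* Classify a security blob by its leading bytes; never reads past len. */
blob_kind classify_blob(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return BLOB_UNKNOWN;
    if (len >= sizeof NTLMSSP_SIG && memcmp(buf, NTLMSSP_SIG, sizeof NTLMSSP_SIG) == 0)
        return BLOB_NTLMSSP;
    /* 0x60 = ASN.1 [APPLICATION 0], the GSS-API initial context token
       (RFC 2743); 0xa1 = SPNEGO continuation token (assumption: the
       carrying protocol may use SPNEGO inside GSS-API). */
    if (buf[0] == 0x60 || buf[0] == 0xa1)
        return BLOB_GSSAPI;
    return BLOB_UNKNOWN;
}

/* NTLMSSP message type: little-endian uint32 after the signature
   (1 = Negotiate, 2 = Challenge, 3 = Authenticate); 0 if not NTLMSSP. */
uint32_t ntlmssp_msg_type(const uint8_t *buf, size_t len)
{
    if (classify_blob(buf, len) != BLOB_NTLMSSP || len < 12)
        return 0;
    return (uint32_t)buf[8] | (uint32_t)buf[9] << 8 |
           (uint32_t)buf[10] << 16 | (uint32_t)buf[11] << 24;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t sample_ntlm[]  = { 'N','T','L','M','S','S','P',0, 1,0,0,0 };
static const uint8_t sample_gss[]   = { 0x60,0x28,0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02 };
static const uint8_t sample_trunc[] = { 'N','T','L','M' };

int main(void)
{
    printf("%d %d %d\n", (int)classify_blob(sample_ntlm, sizeof sample_ntlm),
           (int)classify_blob(sample_gss, sizeof sample_gss),
           (int)classify_blob(sample_trunc, sizeof sample_trunc));
    return 0;
}
```

A blob that matches neither pattern is reported as unknown rather than guessed at, so a caller in a DNS, HTTP or SMB dissector can fall back to showing raw bytes.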