Wireshark-users: Re: [Wireshark-users] SSL LDAP dialog - bad request interpretation?
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Tue, 26 Apr 2011 08:31:40 -0700
This was fixed in 1.4.5. 1.4.6 is the latest (and recommended) version.

On 4/25/11 11:22 PM, Frantisek Hanzlik wrote:
> I use wireshark (Version 1.4.4, Linux Fedora 14 i686) to decode SSL
> LDAP communication between the System Security Services Daemon (sssd)
> and an openldap server. All three pieces of SW (wireshark, sssd, slapd)
> run on one machine, and communication goes through the IPv4 loopback interface.
> 
> It seems that wireshark decodes the (TLS/SSL) LDAP request badly:
> - in the Packet List window the packet is marked as "Malformed"
> - in Packet Detail there is the line:
>   (Error/Undecoded): Filter length exceeds 4096. Giving up
>   although the packet itself has only 500 bytes (at the TCP layer)
> - Packet Detail does not contain all of the request's details.
> 
> The openldap server response seems fine, and wireshark probably decodes and
> displays it fine too.
> 
> Wireshark version details (copied from About window):
> =====
> Compiled (32-bit) with GTK+ 2.22.0, with GLib 2.26.0, with libpcap 1.1.1,
> without libz, without POSIX capabilities, without libpcre, with SMI 0.4.8,
> without c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.8.6,
> with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
> (built Jul 28 2009), without AirPcap.
> 
> Running on Linux 2.6.35.12-88.fc14.i686.PAE, with libpcap version 1.1.1, GnuTLS
> 2.8.6, Gcrypt 1.4.5.
> 
> Built using gcc 4.5.1 20100924 (Red Hat 4.5.1-4).
> =====
> 
> Unfortunately I cannot send a plain non-SSL dialog, as the sssd daemon does not
> allow that (even on loopback), I think.
> 
> I attach a printscreen and a 5-packet LDAP dialog exported to plain text.
> Excuse me in case there is another problem, but I cannot explain
> this case in any other manner. Can anyone?
> 
> Thanks, Franta Hanzlik