Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] SPNEGO decoder?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 9 Oct 2002 16:06:10 -0700
On Wed, Oct 09, 2002 at 12:32:52PM -0700, Doug wrote:
> The Ethereal 0.9.7 release announcements indicate that support was added
> for SPNEGO and GSS-API.
> 
> I tried sniffing an SPNEGO connection and a GSS-API connection

What do you mean by an "SPNEGO connection" and "GSS-API connection"? 
Neither RFC 2478 (the SPNEGO RFC) nor RFC 2078 (the GSSAPI RFC)
describe protocols that, for example, run directly atop
TCP.

> but neither seemed to be decoded.

What protocol is *REALLY* being used over the connections?

Ethereal will dissect GSS-API negotiation inside:

	DCE RPC packets;

	LDAP packets;

	ONC RPC packets;

	SMB messages;

and if the GSS-API packets use the SPNEGO OID (1.3.6.1.5.5.2) the
GSS-API dissector will dissect the SPNEGO stuff.

> I chose the packets that I knew were SPNEGO and GSS-API

What protocols did those packet use?

> and tried to use Tools - Decode As, but I did not see
> any options for SPNEGO or GSS.

That's because decoding stuff as GSS-API isn't as simple as the stuff
the "Decode As" mechanism supports (and because SPNEGO is something atop
GSS-API).
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube