
Wireshark-bugs: [Wireshark-bugs] [Bug 2444] New: NTLMSSP protocol dissector doesn't parse NTLMS

Date: Thu, 10 Apr 2008 17:56:01 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2444

           Summary: NTLMSSP protocol dissector doesn't parse NTLMSSP in
                    DCERPC packets with packet level auth
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jlarimer@xxxxxxxxx


Build Information:
Version 1.0.99jlarimer

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, with GLib 2.16.1, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.

Built using Microsoft Visual C++ 8.0 build 50727
--
The NTLMSSP protocol dissector doesn't parse the NTLMSSP auth info in DCE-RPC
packets with packet-level auth. There is a comment in the code indicating it
should be included.

Attached is a patch. I also fixed up the parsing of NTLMSSP flags so they match
what's in Microsoft's own documentation (from
http://msdn2.microsoft.com/en-us/library/cc236621.aspx). I can split this off
into a separate bug if necessary.

Also attached is a packet capture to verify this patch.

