Guys,
I am currently using V 1.0.2 (SVN Rev 25698) of Wireshark.
I did a capture with a basic HTTP GET containing some authentication. The authorization field contain some SPNEGO/Kerberos. The HTTP get is in fact sent in 3 frames due to the size of the TGS.
At the end of the first frame, I can see in wireshark this error : [Packet size limited during capture: SPNEGO-KRB5 truncated]
I don't think I missed some of the data during the capture, but only that the "HTTP data" is in fact in 3 frames.
Then I have 2 other frames (continuation).
So the entire dialog is in 3 frames. Due to this problem, I can only see the beginning of the SPNEGO/Kerberos.
How can I ask Wireshark to decode this SPNEGO/Kerberos part ?
Thanks for your guidance.
Regards.
Fred
