Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 3709] NTLMSSP support is incomplete in wireshark

Wireshark-bugs: [Wireshark-bugs] [Bug 3709] NTLMSSP support is incomplete in wireshark

Date: Sun, 12 Jul 2009 15:03:55 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3709





--- Comment #1 from Matthieu Patou <mat@xxxxxxxxx>  2009-07-12 15:03:54 PDT ---
Attached Patch allow wireshark to recorgnize ntlmssp encrypted dialogs.
It allow also to cleanly decrypt ntlm v1 with v2 security session and ntlm v2
dialogs. The dissection is possible in various protols (LDAP, SMB, winreg,
drsuapi, ...).
My patch allow also to use keytab as md4(password) equivalent. This is very
usefull when you made a net vampire of all the domain password (cf. samba net
vampire command) or when you have workstations password (as windows tends to
use non printable chars for workstation password).
As an example I attached 2 captures: 
ntlmv2_ldap.dump
ntlmv2_winreg.dump

the password if totoTATA123 but as I said keytab can be used (wireshark -K
adm_smb4.keytab).


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

References:
- [Wireshark-bugs] [Bug 3709] New: NTLMSSP support is incomplete in wireshark
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 3709] New: NTLMSSP support is incomplete in wireshark
Next by Date: [Wireshark-bugs] [Bug 3709] NTLMSSP support is incomplete in wireshark
Previous by thread: [Wireshark-bugs] [Bug 3709] New: NTLMSSP support is incomplete in wireshark
Next by thread: [Wireshark-bugs] [Bug 3709] NTLMSSP support is incomplete in wireshark
Index(es):
- Date
- Thread