Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4097] New: Kerberos dissected as STUN2

Date: Tue, 6 Oct 2009 03:31:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4097

           Summary: Kerberos dissected as STUN2
           Product: Wireshark
           Version: 1.2.2
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: matthias.kaiser@xxxxxxxxxxxxx


Build Information:
Version 1.2.2 (SVN Rev 29910)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 14 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, with AirPcap 2.1.0 build 815.

Built using Microsoft Visual C++ 9.0 build 30729
--
The protocol Kerberos is disected as STUN2.

Problem was discovered capturing boot and logon traffic from different client
OSs at an Windows 20003 domain controller. Trace Files are attached.

1) Trace file: 1-boot-client-W2K.pcap
All UDP based Kerberos (udp.port ==88) traffic is dissected as STUN2 except one
Kerberos error message.

2) Trace file: 1-boot-client-WXP.pcap
All UDP based Kerberos (udp.port ==88) traffic is dissected as STUN2.

3) Trace file: 1-boot-client-Vista3.pcap
All TCP-based Kerberos (tcp.port == 88) traffic is dissected correctly!

Problem was first discovered on Version 1.2.0.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.