please try latest svn. 20129 or later
On 12/13/06, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
hi, I captured a trace between windows XP and a NAS box. the smb sesstion
setup andx reponse packet (fram 8 in attachment) is interesting. Two blobs,
responseToken and mechListMIC, seem Kerberos ap_rep blob. But wireshark did
not parsered them out. Why? Does the Gssapi on the NAS box does not align to
some RFCs?
Frame 8 (458 bytes on wire, 458 bytes captured)
> Ethernet II, Src: NortelNe_eb:22:01 (00:0e:62:eb:22:01), Dst:
> WwPcbaTe_81:2f:18 (00:0f:1f:81:2f:18)
> Internet Protocol, Src: 10.24.8.44 (10.24.8.44), Dst: 10.24.64.228 (
> 10.24.64.228)
> Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
> 1227 (1227), Seq: 163, Ack: 1694, Len: 404
> NetBIOS Session Service
> SMB (Server Message Block Protocol)
> SMB Header
> Session Setup AndX Response (0x73)
> Word Count (WCT): 4
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 0
> Action: 0x0000
> Security Blob Length: 267
> Byte Count (BCC): 357
> Security Blob: A182010730820103A0030A0100A27D047B607906092A8648...
> GSS-API Generic Security Service Application Program Interface
> SPNEGO
> negTokenTarg
> negResult: accept-completed (0)
> responseToken:
> 607906092A864886F71201020202006F6A3068A003020105...
> mechListMIC:
> 607906092A864886F71201020202006F6A3068A003020105...
> Native OS: Windows 5.0
> Native LAN Manager: Windows 2000 LAN Manager
> Primary Domain: HOUSING
>
