Wireshark mailing list archives
[PATCH] Outlook anywhere: ncacn_http support
From: Julien Kerihuel <j.kerihuel () openchange org>
Date: Sun, 05 Dec 2010 23:22:10 +0100
Hi Lists,

I've just finished writing a ncacn_http dissector for Wireshark which provides the ability to dissect Outlook anywhere packets properly (as specified by the [MS-RPCH].pdf documentation).

I have attached to this email all the material needed to test the patch:
- stunnel.pem: the SSL RSA key to use to decrypt the SSL'd capture
- sample_outlook_anywhere_ssl.pcap: the capture with SSL enabled and including RTS + nspi, rfr, mapi packets
- sample_outlook_anywhere_not_ssl.pcap: the capture performed on lo without SSL enabled and filtered to show only RTS packets.

Relevant RTS packets can be displayed using the (dcerpc.pkt_type == 20) filter.

The patch also adds some fuzzy naming on RTS packets given the MS-RPCH specifications. They define these PDU bodies through the flags, number of commands fields and command sequences.

FYI, this capture was done between Outlook 2010 and Exchange 2010 using a local SSL proxy to avoid Diffie-Hellman algorithm usage (default with Exchange 2010). In this scenario:
- 192.168.0.120 is the Outlook 2010 client
- 192.168.0.103 is the SSL proxy

I have also added to the email the dcerpc.idl patch for Samba4 which adds the associated IDL for RTS support: 00001-Add-ncacn_http-RTS-IDL-implementation-in-dcerpc.idl.patch

It probably doesn't respect the usual Samba4 naming convention, but I thought it would be more useful in this form so you can turn fields to any names you prefer.

Kind Regards,
Julien.

--
Julien Kerihuel
j.kerihuel () openchange org
OpenChange Project Manager/Developer/Maintainer
GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79
Attachments:
- wireshark_ncacn_http_support.diff
- stunnel.pem
- sample_outlook_anywhere_not_ssl.pcap
- sample_outlook_anywhere_ssl.pcap
- 0001-Add-ncacn_http-RTS-IDL-implementation-in-dcerpc.idl.patch
- signature.asc (Description: This is a digitally signed message part)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
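The message above says RTS PDUs (dcerpc.pkt_type == 20) are told apart by their flags, number of commands and command sequence. The following is an added example, not code from the attached patch or from Wireshark: a bounds-checked walk over an RTS PDU that returns those three things. The function names and the sample bytes are constructed for illustration; the sample carries the command sequence MS-RPCH lists for CONN/A1, and variable-size commands (Padding, ClientAddress) are rejected rather than parsed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct rts_hdr { uint16_t frag_len, flags, num_cmds; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Body length following the 4-byte CommandType; -1 = variable-size, not handled here. */
static int cmd_body_len(uint32_t type) {
    switch (type) {
    case 7: case 9: case 10: return 0;   /* Empty, NegativeANCE, ANCE */
    case 0: case 2: case 4: case 5: case 6:
    case 13: case 14: return 4;          /* window size, timeouts, Version, ... */
    case 3: case 12: return 16;          /* Cookie, AssociationGroupId */
    case 1: return 24;                   /* FlowControlAck */
    default: return -1;                  /* Padding, ClientAddress, unknown */
    }
}

/* Returns the command count, or -1 if the PDU is not RTS, truncated or unsupported. */
int rts_parse(const uint8_t *b, size_t len, struct rts_hdr *h, uint32_t *types, size_t max) {
    if (len < 20 || b[0] != 5 || b[1] != 0 || b[2] != 20) return -1; /* ptype 20 = RTS */
    if (b[4] != 0x10 || le16(b + 10) != 0) return -1; /* little-endian drep, no auth */
    h->frag_len = le16(b + 8); h->flags = le16(b + 16); h->num_cmds = le16(b + 18);
    if (h->frag_len < 20 || h->frag_len > len || h->num_cmds > max) return -1;
    size_t off = 20;
    for (uint16_t i = 0; i < h->num_cmds; i++) {
        if (h->frag_len - off < 4) return -1;          /* no room for CommandType */
        types[i] = le32(b + off);
        int body = cmd_body_len(types[i]);
        if (body < 0 || h->frag_len - off - 4 < (size_t)body) return -1;
        off += 4 + (size_t)body;
    }
    return off == h->frag_len ? (int)h->num_cmds : -1; /* reject trailing bytes */
}

/* Constructed sample: Version, two Cookies, ReceiveWindowSize (76 bytes). */
static const uint8_t sample[76] = {
    5,0,20,3, 0x10,0,0,0, 76,0, 0,0, 0,0,0,0, 0,0, 4,0,
    6,0,0,0, 1,0,0,0,
    3,0,0,0, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
    3,0,0,0, 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
    0,0,0,0, 0,0,1,0,
};

int main(void) {
    struct rts_hdr h; uint32_t t[8];
    int n = rts_parse(sample, sizeof sample, &h, t, 8);
    printf("cmds=%d flags=0x%04x\n", n, n < 0 ? 0 : h.flags);
    return n < 0;
}
```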
Current thread:
- [PATCH] Outlook anywhere: ncacn_http support Julien Kerihuel (Dec 05)
- Re: [PATCH] Outlook anywhere: ncacn_http support Maynard, Chris (Dec 06)