Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL LDAP dialog - bad request interpretation?

From: Gerald Combs <gerald () wireshark org>
Date: Tue, 26 Apr 2011 08:31:40 -0700
This was fixed in 1.4.5. 1.4.6 is the latest (and recommended) version.

On 4/25/11 11:22 PM, Frantisek Hanzlik wrote:

I use wireshark (Version 1.4.4 Linux Fedora 14 i686) to decode SSL
LDAP communication between System Security Services Daemon (sssd)
and openldap server. All three pieces SW (wireshark, sssd, slapd)
runs on one machine, communication go through IPv4 loopback interface.

It seems as wireshark bad decode (TLS/SSL) LDAP request:
- in Packet List window is packet marked as "Malformed"
- in Packed Detail is line:
  (Error/Undecoded): Filter length exceeds 4096. Giving up
  although packed itself has only 500 Byte (at TCP layer)
- Packet Detail not contains all requests detail.

Openldap server response seems fine and wireshark probably decode and
display it fine too.

Wireshark version details (copied from About window):
=====
Compiled (32-bit) with GTK+ 2.22.0, with GLib 2.26.0, with libpcap 1.1.1,
without libz, without POSIX capabilities, without libpcre, with SMI 0.4.8,
without c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.8.6,
with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Jul 28 2009), without AirPcap.

Running on Linux 2.6.35.12-88.fc14.i686.PAE, with libpcap version 1.1.1, GnuTLS
2.8.6, Gcrypt 1.4.5.

Built using gcc 4.5.1 20100924 (Red Hat 4.5.1-4).
=====

Unfortunately I cannot send plain non-ssl dialog, as sssd daemon not
allow that (even on loopback), I think.

I attach printscreen and 5 packets LDAP dialog export to plain text.
Excuse me in case when there is another problem, but I cannot explain
this case in other manner. Can anyone?

Thanks, Franta Hanzlik




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe



-- 
Join us for Sharkfest ’11! · Wireshark® Developer and User Conference
Stanford University, June 13-16 · http://sharkfest.wireshark.org
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: