Wireshark mailing list archives
A bug in the SPNEGO asn1-based dissector that shows up when dissecting NTLMSSP
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sun, 1 Jul 2012 17:40:51 -0700
Hi folks, There is a bug in the SPNEGO dissector that shows up when dissecting the new445stream242.pcap file that was shown in the CIFS/SMB session at Sharkfest. It occurs in frame 8 and seems to happen because, when dissecting the negTokenTarg, it dissects the NTLMSSP responseToken and then dissects the mechListMIC, however, it does not think that it has used up all the bytes in the TVB by the look of things, and redissects the mechListMIC using a heuristic approach that tries to dissect it as NTLMSSP, which it is not, so it screws up. Can someone have a look at it. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- A bug in the SPNEGO asn1-based dissector that shows up when dissecting NTLMSSP Richard Sharpe (Jul 01)