Wireshark · Ethereal-dev: Re: [Ethereal-dev] Reassembly of security blob in SMB dissector

Ethereal-dev: Re: [Ethereal-dev] Reassembly of security blob in SMB dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>

Date: Mon, 3 Feb 2003 07:56:39 -0800 (PST)

On Mon, 3 Feb 2003, Jean-Baptiste Marchand wrote:

> Hello,
> 
> the attached capture shows the establishment of an SMB session,
> authenticated with a Kerberos 5 token (extended security mode). 
> 
> Because of the token size, the SessionSetupAndX request is carried over
> two NBSS messages. Thus, it is not possible to decode the content of the
> security blob.

Works for me. Just specify TCP re-assembly and SMB re-assembly.
 
> Looking at the SMB dissector options, it seems that fragmentation
> reassembly is currently possible for DCE/RPC PDU (carried over SMB
> named pipes) and SMB Transact payload command. Does security blob
> reassembly would fit in the same category?
> 
> I can work on this if nobody else plans to implement it.
> 
> Thanks for your help,
> 
> Jean-Baptiste Marchand
> 

-- 
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com

Attachment: smb_ext_sec_krb5.cap.gz
Description: application/gunzip

References:
- [Ethereal-dev] Reassembly of security blob in SMB dissector
  - From: Jean-Baptiste Marchand

Prev by Date: [Ethereal-dev] Reassembly of security blob in SMB dissector
Next by Date: [Ethereal-dev] WMLC and WBXML
Previous by thread: [Ethereal-dev] Reassembly of security blob in SMB dissector
Next by thread: Re: [Ethereal-dev] Reassembly of security blob in SMB dissector
Index(es):
- Date
- Thread