Wireshark · Ethereal-users: Re: [Ethereal-users] Weird SMB dissector bug

Ethereal-users: Re: [Ethereal-users] Weird SMB dissector bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Fri, 10 Jan 2003 15:42:08 -0800

On Fri, Jan 10, 2003 at 05:10:48PM -0600, McNutt, Justin M. wrote:
> Oh, by the way, whatever event this is happens often enough on our
> network that long-term captures encounter this quite a bit.

The event appears to be "not having the first packet of a 3-way NTLMSSP
negotiation in the capture".

The only way that'd happen a lot would be if you were unlucky - there's
an SMB Negotiate Protocol response in the capture, but the matching
Negotiate Protocol request, which probably contains the first packet of
the NTLMSSP negotiation, is missing.

It's probably just bad luck, not somebody doing something bad.

I'll check in a fix to avoid the null-pointer dereference that this
causes, although I'd have to stare a bit more at the GSS-API and SPNEGO
specs to see whether it's possible to figure out from the first packet
that the responseToken in the second packet is an NTLMSSP response.

References:
- [Ethereal-users] Weird SMB dissector bug
  - From: McNutt, Justin M.

Prev by Date: [Ethereal-users] Weird SMB dissector bug
Next by Date: Re: [Ethereal-users] Ethereal Top Talkers - Other reporting info?
Previous by thread: [Ethereal-users] Weird SMB dissector bug
Next by thread: [Ethereal-users] MS ISA Server
Index(es):
- Date
- Thread