Thanks a lot for your helpful information. I do see that packet and the
KRB5 blob and that makes sense. Do you happen to know of a good
tutorial or site that I can go to to decipher this information? In
particular I'm trying to determine why some logons are taking longer on
different subnets. Thanks again for your help :)
Garion
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]
Sent: Thursday, March 18, 2004 11:55 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] Invalid LDAP message (can't parse sequence
header: Wrong type for that item)
On Thu, Mar 18, 2004 at 09:52:50AM -0600, Brown, Garion wrote:
> I am seeing this message over and over again in my captures from my
> Windows XP workstation to my Windows 2000 Domain Controller:
>
> "Invalid LDAP message (can't parse sequence header: Wrong type for
> that item)"
Is the LDAP traffic between your workstation and the domain controller
encrypted? (I suspect it is, given that there's a krb5_seal_alg value
of RC4 in the Kerberos 5 blob for the GSS-API token in packet 8.)
If so, that's the problem - Ethereal can't decrypt that traffic.
We probably need to have some way by which the GSS-API token dissector
can return an indication of whether the packet is signed or sealed, and
not bother trying to dissect it if it's sealed, just show it as
encrypted data, or find some other way of figuring out whether the
traffic is encrypted.
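
The check proposed in the reply above, as an added example that is not part of the original thread or of Ethereal's code: it reads only the cleartext header of an RFC 1964-layout Kerberos v5 GSS-API Wrap token and reports whether SEAL_ALG marks the payload as sealed. The function, enum and sample bytes are constructed for illustration, and any SASL length prefix is assumed to have been stripped already.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (not an Ethereal API). */
enum wrap_class { WRAP_NOT_KRB5 = -1, WRAP_SIGNED_ONLY = 0, WRAP_SEALED = 1 };

/* DER encoding of the Kerberos v5 mechanism OID 1.2.840.113554.1.2.2. */
#define KRB5_OID_BYTES 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02
static const uint8_t KRB5_OID[] = {KRB5_OID_BYTES};

/* Constructed sample headers: SGN_ALG 11 00 (HMAC), SEAL_ALG 10 00 (RC4) or ff ff (none). */
static const uint8_t SAMPLE_SEALED[] = {0x60,0x2b,KRB5_OID_BYTES,0x02,0x01,0x11,0x00,0x10,0x00,0xff,0xff};
static const uint8_t SAMPLE_SIGNED[] = {0x60,0x2b,KRB5_OID_BYTES,0x02,0x01,0x11,0x00,0xff,0xff,0xff,0xff};

/* Classify a token from its cleartext header only; nothing is decrypted. */
static enum wrap_class classify_wrap_token(const uint8_t *p, size_t len)
{
    size_t off = 0;
    if (len < 2 || p[off++] != 0x60)          /* [APPLICATION 0] framing tag */
        return WRAP_NOT_KRB5;
    uint8_t l = p[off++];
    if (l & 0x80) {                           /* long-form DER length: skip its bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || len - off < n)
            return WRAP_NOT_KRB5;
        off += n;
    }
    /* Need the OID plus TOK_ID, SGN_ALG, SEAL_ALG and filler (8 bytes). */
    if (len - off < sizeof KRB5_OID + 8 ||
        memcmp(p + off, KRB5_OID, sizeof KRB5_OID) != 0)
        return WRAP_NOT_KRB5;
    off += sizeof KRB5_OID;
    if (p[off] != 0x02 || p[off + 1] != 0x01) /* TOK_ID 02 01 = Wrap token */
        return WRAP_NOT_KRB5;
    /* SEAL_ALG sits at bytes 4-5 of the inner token, read little-endian. */
    uint16_t seal_alg = (uint16_t)(p[off + 4] | (p[off + 5] << 8));
    return seal_alg == 0xffff ? WRAP_SIGNED_ONLY : WRAP_SEALED;
}

int main(void)
{
    printf("sealed sample: %d\n", classify_wrap_token(SAMPLE_SEALED, sizeof SAMPLE_SEALED));
    printf("signed sample: %d\n", classify_wrap_token(SAMPLE_SIGNED, sizeof SAMPLE_SIGNED));
    return 0;
}
```

A caller that gets `WRAP_SEALED` would label the payload as encrypted data rather than handing it to the LDAP parser.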