Wireshark-bugs: [Wireshark-bugs] [Bug 1148] New: LDAP parser error on NTLMSSP authentication + p

Date: Wed, 4 Oct 2006 15:11:58 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1148

           Summary: LDAP parser error on NTLMSSP authentication + probably
                    NTLMSSP encryption
           Product: Wireshark
           Version: 0.99.3
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: Blocker
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ondra@xxxxxxxxxxx


Build Information:
Version 0.99.3 (SVN Rev 19011)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua
5.1.

Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on
libpcap version 0.9[.x] on Windows Server 2003 Service Pack 1, build 3790.
--
When I capture LDAP traffic produced by Microsoft ISA Server 2006 LDAP
authentication, the parser and its product is errorneous.

The LDAP traffic tryies to connect using NTLM (NTLMSSP) authentication provider
and the parser seems to do not understand this kind of traffic.

The whole capture is available at:
http://www.sevecek.com/res/ldap-error-ntlmssp.pcap

Look especially at the packets between 192.168.1.10 (which is actually a
Windows Server 2003 Domain Controller, so that it runs MS LDAP server) and
192.168.1.1 which is the Microsoft ISA Server 2006 running on MS Windows Server
2003.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.