Dear all,
I've got a capture of LDAP traffic between a w2k8 server and a samba4
server. I would like to be able to see the traffic, but Wireshark refuses,
pretending that the frames (well, several of them) are malformed.
To my understanding, Wireshark stops parsing the frame because it says "BER
Error: Wrong tag in tagged type - expected class:APPLICATION(1) tag:0
('end-of-content') but found class:UNIVERSAL(0) tag:5".
Well, even if it's broken, I am quite sure that it's real LDAP traffic
inside, and I would really like to be able to parse it and ultimately
decrypt it (providing the keytab and with a capture that includes
Kerberos traffic as well).
How can it be done?
I am running Wireshark 1.0.3.
Regards.
Matthieu
Attachment:
extract_wireshark
Description: Binary data