Wireshark · Ethereal-dev: [Ethereal-dev] NTLMSSP has problems in the challenge decode

Ethereal-dev: [Ethereal-dev] NTLMSSP has problems in the challenge decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxx>

Date: Sun, 1 Sep 2002 11:44:06 +0930 (CST)

Hi,

I was looking at the NTLMSSP dissector and running it over some data now 
that SPNEGO is working OK, and I noticed two things:

1. We know that the NTLMSSP blob is NDR encoded, so rather than breaking 
it out by hand, it would be a lot more useful if the support in 
packet-dcerpc.c et al was used.

2. The challenge field has a top level ref pointer to a string. That is 
what those unknown1 and unknown2 uint32s are. The first one contains the 
actual and max len for the string and the second is a buffer ref.

I migt get some time next week to rework it if someone else doesn't first.

Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx, 
sharpe@xxxxxxxxxxxx

Prev by Date: Re: [Ethereal-dev] Simple Extension API, patch for tethereal and rpcstat example
Next by Date: Re: [Ethereal-dev] GTK+ v2 port
Previous by thread: [Ethereal-dev] IS-IS patch
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$