Ethereal-dev: [Ethereal-dev] Question about the DCERPC kerberosV decoding.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jaime Fournier <jafour1@xxxxxxxxx>
Date: Sun, 8 Sep 2002 20:46:59 -0700 (PDT)
I have found on several idempotent calls, such as
storedata in dfs, that the last 24 bytes of the packet
are marked as kerberos. This makes sense since AUTH is
set to 01. The problem I am seeing is actual payload
at the end of the "kerberos" area. I am not that
familiar with the lay out of the encrypted checksums,
but I was curious if maybe there was a problem with
identifying non kerberos data as part of the checksum.

Below is a packet example.

I was writing "Aa...Zz" to a file over and over again.
The last 12 bytes of the kerberos field appear to be
payload. 

Any input would be greatly appreciated! 



=====
Jaime Fournier

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

Attachment: EXAMPLE
Description: EXAMPLE