Ah okay, that makes sense. I was wondering how it was going to decode GSS when
it isn't a network protocol. The release note just said GSS-API and SPNEGO
added, so I didn't know what it was doing.

What I was looking at was a custom application (actually sample code) which
does the typical sending the length first, then sending the GSS token or in
some cases the SSPI token. I will have to take a look at how the decoder is
being integrated, since I would be interested in being able to decode traffic
similar to this and the MIT kerberized ftp, which also uses the GSS-API.

Thanks,
Doug

Guy Harris wrote:
> On Wed, Oct 09, 2002 at 12:32:52PM -0700, Doug wrote:
> > The Ethereal 0.9.7 release announcements indicate that support was added
> > for SPNEGO and GSS-API.
> >
> > I tried sniffing an SPNEGO connection and a GSS-API connection
>
> What do you mean by an "SPNEGO connection" and "GSS-API connection"?
> Neither RFC 2478 (the SPNEGO RFC) nor RFC 2078 (the GSSAPI RFC)
> describe protocols that, for example, run directly atop
> TCP.
>
> > but neither seemed to be decoded.
>
> What protocol is *REALLY* being used over the connections?
>
> Ethereal will dissect GSS-API negotiation inside:
>
> DCE RPC packets;
>
> LDAP packets;
>
> ONC RPC packets;
>
> SMB messages;
>
> and if the GSS-API packets use the SPNEGO OID (1.3.6.1.5.5.2) the
> GSS-API dissector will dissect the SPNEGO stuff.
>
> > I chose the packets that I knew were SPNEGO and GSS-API
>
> What protocols did those packets use?
>
> > and tried to use Tools - Decode As, but I did not see
> > any options for SPNEGO or GSS.
>
> That's because decoding stuff as GSS-API isn't as simple as the stuff
> the "Decode As" mechanism supports (and because SPNEGO is something atop
> GSS-API).
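
The framing discussed in this thread, as an added example that is not part of the original messages and is not Ethereal code: it splits a captured stream of length-prefixed tokens and reads the mechanism OID from each GSS-API initial context token, which is how the SPNEGO OID (1.3.6.1.5.5.2) is recognised. The 4-byte big-endian length prefix, the function names and the sample bytes are assumptions made for the example; the Kerberos 5 OID is the well-known value and does not come from the thread.

```python
MECHS = {"1.3.6.1.5.5.2": "SPNEGO", "1.2.840.113554.1.2.2": "Kerberos 5"}
# Constructed sample: three length-prefixed frames; bytes after each OID are placeholders.
SAMPLE = b"".join(len(t).to_bytes(4, "big") + t for t in map(bytes.fromhex, (
    "600c06062b0601050502a0023000", "600d06092a864886f7120102020100", "010203")))

def der_length(buf, pos):
    """Decode the DER length starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos:pos + 1]
    if first and first[0] < 0x80:             # short form: one octet
        return first[0], pos + 1
    n = first[0] & 0x7F if first else 0       # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def decode_oid(body):
    """Turn DER OID content octets into dotted-decimal form."""
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)         # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def gss_mech(token):
    """Mechanism OID of an InitialContextToken, or None for any other token."""
    if token[:1] != b"\x60":                  # [APPLICATION 0] framing tag
        return None                           # later tokens are mechanism-specific
    length, pos = der_length(token, 1)
    if pos + length > len(token) or token[pos:pos + 1] != b"\x06":
        raise ValueError("truncated token or missing mechanism OID")
    olen, pos = der_length(token, pos + 1)
    if pos + olen > len(token):
        raise ValueError("truncated OID")
    return decode_oid(token[pos:pos + olen])

def classify(stream, prefix=4):
    """Split <prefix-byte big-endian length><token> frames and name each mechanism."""
    out, pos = [], 0
    while pos < len(stream):
        n = int.from_bytes(stream[pos:pos + prefix], "big")
        tok = stream[pos + prefix:pos + prefix + n]
        if pos + prefix > len(stream) or len(tok) != n:
            raise ValueError("frame runs past the captured data")
        oid = gss_mech(tok)
        out.append(MECHS.get(oid, oid) if oid else "not an initial token")
        pos += prefix + n
    return out
```

Only the first token in each direction carries the mechanism OID, so a capture that starts mid-exchange yields "not an initial token" for every frame.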