Wireshark-bugs: [Wireshark-bugs] [Bug 4097] Kerberos dissected as STUN2
Date: Wed, 7 Oct 2009 05:41:48 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4097





--- Comment #5 from stéphane bryant <sbryant@xxxxxxx>  2009-10-07 05:41:46 PDT ---
The weakness of the heuristic comes from the fact that this dissector
also takes in account the data channel negociated through TURN 
(based on draft-ietf-behave-turn-07. Current version is 16 but
i don't think it differs much in that regard) --which format is not
very distinctive indeed ...
The heuristic difference between UDP and TCP comes from the draft itself:
in stream orientated protocol, the length needs to be padded, not in UDP.

In 'real life', since the channel is being negociated, not much confusion
is possible: we would have to to the same: track the channel negociation, or
at least the presence of regular STUN traffic on the same port bindings...


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.