Wireshark-users: [Wireshark-users] why Kerberos ap_rep blob is not parsed out
From: "Xiaoguang Liu" <syslxg@xxxxxxxxx>
Date: Wed, 13 Dec 2006 08:40:13 +0800
Hi, I captured a trace between Windows XP and a NAS box. The SMB Session Setup AndX response packet (frame 8 in the attachment) is interesting. Two blobs, responseToken and mechListMIC, seem to be Kerberos ap_rep blobs. But Wireshark did not parse them out. Why? Does the GSSAPI on the NAS box not align with some RFCs?
 

Frame 8 (458 bytes on wire, 458 bytes captured)
Ethernet II, Src: NortelNe_eb:22:01 (00:0e:62:eb:22:01), Dst: WwPcbaTe_81:2f:18 (00:0f:1f:81:2f:18)
Internet Protocol, Src: 10.24.8.44 (10.24.8.44), Dst: 10.24.64.228 (10.24.64.228)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 1227 (1227), Seq: 163, Ack: 1694, Len: 404
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
    Session Setup AndX Response (0x73)
        Word Count (WCT): 4
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 0
        Action: 0x0000
        Security Blob Length: 267
        Byte Count (BCC): 357
        Security Blob: A182010730820103A0030A0100A27D047B607906092A8648...
            GSS-API Generic Security Service Application Program Interface
                SPNEGO
                    negTokenTarg
                        negResult: accept-completed (0)
                        responseToken: 607906092A864886F71201020202006F6A3068A003020105...
                        mechListMIC: 607906092A864886F71201020202006F6A3068A003020105...
        Native OS: Windows 5.0
        Native LAN Manager: Windows 2000 LAN Manager
        Primary Domain: HOUSING

Attachment: 1.cap
Description: Binary data
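
The dissection above prints only the first 24 bytes of responseToken. As an added example (not part of the original post), the Python below decodes that visible prefix by hand, using the RFC 2743 initial-token framing and the RFC 1964 Kerberos token IDs. The function names are hypothetical and the input is the truncated hex copied from the dissection.

```python
# Constructed input: the truncated hex prefix shown for responseToken in frame 8.
RESPONSE_TOKEN_PREFIX = bytes.fromhex("607906092A864886F71201020202006F6A3068A003020105")

# RFC 1964 section 1.1 token identifiers for the Kerberos 5 GSS-API mechanism.
KRB5_TOK_IDS = {b"\x01\x00": "AP-REQ", b"\x02\x00": "AP-REP", b"\x03\x00": "KRB-ERROR"}

def read_tlv_header(buf, off):
    """Return (tag, length, value_offset) for the DER TLV starting at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                        # short-form length
        return tag, first, off + 2
    n = first & 0x7F                        # long form: next n bytes hold the length
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return tag, int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    subids, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit marks continuation
        if not b & 0x80:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)         # first sub-identifier packs two arcs
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_gss_krb5_token(buf):
    """Decode the GSS-API wrapper and the header of the Kerberos message inside."""
    tag, length, off = read_tlv_header(buf, 0)
    if tag != 0x60:
        raise ValueError("not a GSS-API initial token (expected tag 0x60)")
    oid_tag, oid_len, oid_off = read_tlv_header(buf, off)
    if oid_tag != 0x06:
        raise ValueError("mechanism OID missing")
    inner = oid_off + oid_len               # innerContextToken starts here
    tok_id = bytes(buf[inner:inner + 2])
    krb_tag, krb_len, _ = read_tlv_header(buf, inner + 2)
    return {
        "declared_len": length,
        "mech_oid": decode_oid(buf[oid_off:oid_off + oid_len]),
        "tok_id": KRB5_TOK_IDS.get(tok_id, tok_id.hex()),
        "krb_app_tag": krb_tag & 0x1F,      # 14 = AP-REQ, 15 = AP-REP
        "krb_len": krb_len,
        "truncated": off + length > len(buf),
    }

if __name__ == "__main__":
    for key, val in parse_gss_krb5_token(RESPONSE_TOKEN_PREFIX).items():
        print(f"{key}: {val}")
```

On the visible bytes this reports mechanism OID 1.2.840.113554.1.2.2 (Kerberos 5), token ID AP-REP, and an [APPLICATION 15] body whose declared length (106) is consistent with the outer length (121).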