Wireshark · Wireshark-users: Re: [Wireshark-users] why Kerberos ap_rep blob is not parsered out

["ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>]

please try latest svn.   20129 or later

On 12/13/06, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
>  hi, I captured a trace between windows XP and a NAS box. the smb sesstion
> setup andx reponse packet (fram 8 in attachment) is interesting. Two blobs,
> responseToken and mechListMIC, seem Kerberos ap_rep blob. But wireshark did
> not parsered them out. Why? Does the Gssapi on the NAS box does not align to
> some RFCs?
>
>
> Frame 8 (458 bytes on wire, 458 bytes captured)
> > Ethernet II, Src: NortelNe_eb:22:01 (00:0e:62:eb:22:01), Dst:
> > WwPcbaTe_81:2f:18 (00:0f:1f:81:2f:18)
> > Internet Protocol, Src: 10.24.8.44 (10.24.8.44), Dst: 10.24.64.228 (
> > 10.24.64.228)
> > Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
> > 1227 (1227), Seq: 163, Ack: 1694, Len: 404
> > NetBIOS Session Service
> > SMB (Server Message Block Protocol)
> >     SMB Header
> >     Session Setup AndX Response (0x73)
> >         Word Count (WCT): 4
> >         AndXCommand: No further commands (0xff)
> >         Reserved: 00
> >         AndXOffset: 0
> >         Action: 0x0000
> >         Security Blob Length: 267
> >         Byte Count (BCC): 357
> >         Security Blob: A182010730820103A0030A0100A27D047B607906092A8648...
> >             GSS-API Generic Security Service Application Program Interface
> >                 SPNEGO
> >                     negTokenTarg
> >                         negResult: accept-completed (0)
> >                         responseToken:
> > 607906092A864886F71201020202006F6A3068A003020105...
> >                         mechListMIC:
> > 607906092A864886F71201020202006F6A3068A003020105...
> >         Native OS: Windows 5.0
> >         Native LAN Manager: Windows 2000 LAN Manager
> >         Primary Domain: HOUSING
> >