Wireshark-users: Re: [Wireshark-users] Decoding GSS-API between client/server
From: Brian Atkins <brian.atkins@xxxxxxxxxxxxxx>
Date: Mon, 14 Jan 2008 17:11:49 -0500
The innerContext is Kerberos, so I'd like to see the Mechanism and innerContextToken, so I can then decode the innerContextToken as Krb5 and see the ticket, etc.

I can see the TGS-REP coming back to the client before it started GSS with the server.   I have the server's keytab file.  Shouldn't I be able to decrypt the enc-part of the service ticket in the TGS-REP?  I don't see where in the GUI to cause that to be decoded (I did specify the keytab file in the protocol settings for the kerberos protocol).

Ultimately, my goal is to see the Microsoft authorization PAC, which I'm trying to use in my code to perform authorization. 

Thanks!
Brian Atkins

Guy Harris wrote:
Brian Atkins wrote:
  
I'm trying to decode the GSS-API conversation between a client and
server.  I can see the traffic on the designated port, but when I select
"Decode As", the GSS-API protocol doesn't appear.
    
It's not a "protocol" *per se*.  It's not something that usually (if
ever) occurs by itself, rather than encapsulated in some protocol such
as ONC RPC, DCE RPC, HTTP, DNS, LDAP, SMB, etc..  The encapsulations
differ enough that there's no "generic" GSS-API dissector used by all of
them - the dissectors for those protocols independently incorporate
knowledge of how to call GSS-API dissector functions.

What protocol is using GSS-API in your case?
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.2/1223 - Release Date: 1/13/2008 8:23 PM

  

--
Brian Atkins

Solutions Architect
Indicative Software, Inc.
From Visibility to Vision
www.indicative.com

Mobile: +1 919.757.7054