Wireshark · Wireshark-users: [Wireshark-users] How to still parse malformed frame

Wireshark-users: [Wireshark-users] How to still parse malformed frame

From: Matthieu Patou <mat+Informatique.Wireshark@xxxxxxxxx>

Date: Sun, 08 Feb 2009 13:57:34 +0300

Dear all,

I've got a capture of an ldap traffic between a w2k8 server and a samba4server, I would like to be able to see the traffic but wireshark refusepretending that the frame (well several ones) are malformed.To my understanding wireshark stops parsing frame because it says "BERError: Wrong tag in tagged type - expected class:APPLICATION(1) tag:0('end-of-content') but found class:UNIVERSAL(0) tag:5".Well even if it's broken I am quite sure that it's real LDAP trafficinside and I would really like to able to parse it and ultimatelydecrypt it (providing the keytab and with a capture that includekerberos traffic as well).


How can it be done ?
I am running wireshark 1.0.3.

Regards.
Matthieu

Attachment: extract_wireshark
Description: Binary data

Prev by Date: Re: [Wireshark-users] x64-bit Support
Next by Date: [Wireshark-users] Wireshark & monitoring in the enterprise environment
Previous by thread: Re: [Wireshark-users] Wireshark 1.0.6 is now available
Next by thread: [Wireshark-users] Wireshark & monitoring in the enterprise environment
Index(es):
- Date
- Thread