Ethereal

Re: [Ethereal-dev] Reassembly of security blob in SMB dissector
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-dev: February 2003

 

On Mon, 3 Feb 2003, Jean-Baptiste Marchand wrote:

> Hello,
> 
> the attached capture shows the establishment of an SMB session,
> authenticated with a Kerberos 5 token (extended security mode). 
> 
> Because of the token size, the SessionSetupAndX request is carried over
> two NBSS messages. Thus, it is not possible to decode the content of the
> security blob.

Works for me. Just specify TCP re-assembly and SMB re-assembly.
 
> Looking at the SMB dissector options, it seems that fragmentation
> reassembly is currently possible for DCE/RPC PDU (carried over SMB
> named pipes) and SMB Transact payload command. Does security blob
> reassembly would fit in the same category?
> 
> I can work on this if nobody else plans to implement it.
> 
> Thanks for your help,
> 
> Jean-Baptiste Marchand
> 

-- 
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com

Attachment: smb_ext_sec_krb5.cap.gz
Description: application/gunzip

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.