On Mon, Aug 26, 2002 at 03:42:00PM +0930, Richard Sharpe wrote: > I am pretty close to having NTLMSSP and SPNEGO fixed to dissect things > properly.
Presumably this includes making the handling of GSS-API stuff using SPNEGO stateful, so that the security blob on packets *after* the first Session Setup andX doesn't get dissected as a GSS-API token, but gets dissected as, I suspect, an RFC 2478 NegotiationToken? Note that if this is the generic GSS-API token dissector stuff, that is also used by the ONC RPC dissector, as well as both the SMB and the DCE RPC dissector, and I have some changes to the LDAP dissector that I'll be checking in to make it use that dissector as well; if you're making the handling stateful, that mechanism should also be made usable by non-SMB and non-DCE RPC dissectors. Presumably this also includes making NTLMSSP handling stateful, as I think Devin Heitmueller said that the dissection of the NTLMSSP blob in NTLMSSP_AUTH may depend on the flags from earlier NTLMSSP_NEGOTIATE or NTLMSSP_CHALLENGE packets. The NTLMSSP blob dissector is also used outside the DCE RPC code, in the HTTP dissector.
