Sorry about that. I've been crazy busy the last two weekends, and have not had a chance to get back to the dissector.
Guy sent me two traces on Aug 10th (both broken in my dissector), and based on them it seems clear that we do indeed need to reference the flags field from the previous frame. I have not had the opportunity to make the necessary changes to the dissector to address the problems Guy mentioned. If Richard's patch does make NTLMSSP stateful, this will help significantly, since I had not yet gone through the ethereal docs to learn how to maintain state by tcp session. -Devin On Mon, 2002-08-26 at 04:57, Guy Harris wrote: > On Mon, Aug 26, 2002 at 03:42:00PM +0930, Richard Sharpe wrote: > > I am pretty close to having NTLMSSP and SPNEGO fixed to dissect things > > properly. > > Presumably this includes making the handling of GSS-API stuff using > SPNEGO stateful, so that the security blob on packets *after* the first > Session Setup andX doesn't get dissected as a GSS-API token, but gets > dissected as, I suspect, an RFC 2478 NegotiationToken? > > Note that if this is the generic GSS-API token dissector stuff, that is > also used by the ONC RPC dissector, as well as both the SMB and the DCE > RPC dissector, and I have some changes to the LDAP dissector that I'll > be checking in to make it use that dissector as well; if you're making > the handling stateful, that mechanism should also be made usable by > non-SMB and non-DCE RPC dissectors. > > Presumably this also includes making NTLMSSP handling stateful, as I > think Devin Heitmueller said that the dissection of the NTLMSSP blob in > NTLMSSP_AUTH may depend on the flags from earlier NTLMSSP_NEGOTIATE or > NTLMSSP_CHALLENGE packets. The NTLMSSP blob dissector is also used > outside the DCE RPC code, in the HTTP dissector. > _______________________________________________ > Ethereal-dev mailing list > [EMAIL PROTECTED] > http://www.ethereal.com/mailman/listinfo/ethereal-dev -- Devin Heitmueller Senior Software Engineer Netilla Networks Inc
