Ah okay that makes sense I was wondering how it was going to decode GSS when it isn't a network protocol. The release note just said GSS-API and SPNEGO added so I didn't know what it was doing.
What I was looking at was a custom application (actually sample code) which does the typical sending the length first then sending the GSS token or in some cases the SSPI token. I will have to take a look at how the decoder is being integrated since I would be interested in being able to decode traffic similar to this and the MIT kerberized ftp which also uses the GSS-API. Thanks, Doug Guy Harris wrote: > On Wed, Oct 09, 2002 at 12:32:52PM -0700, Doug wrote: > > The Ethereal 0.9.7 release announcements indicate that support was added > > for SPNEGO and GSS-API. > > > > I tried sniffing an SPNEGO connection and a GSS-API connection > > What do you mean by an "SPNEGO connection" and "GSS-API connection"? > Neither RFC 2478 (the SPNEGO RFC) nor RFC 2078 (the GSSAPI RFC) > describe protocols that, for example, run directly atop > TCP. > > > but neither seemed to be decoded. > > What protocol is *REALLY* being used over the connections? > > Ethereal will dissect GSS-API negotiation inside: > > DCE RPC packets; > > LDAP packets; > > ONC RPC packets; > > SMB messages; > > and if the GSS-API packets use the SPNEGO OID (1.3.6.1.5.5.2) the > GSS-API dissector will dissect the SPNEGO stuff. > > > I chose the packets that I knew were SPNEGO and GSS-API > > What protocols did those packet use? > > > and tried to use Tools - Decode As, but I did not see > > any options for SPNEGO or GSS. > > That's because decoding stuff as GSS-API isn't as simple as the stuff > the "Decode As" mechanism supports (and because SPNEGO is something atop > GSS-API).
