On Fri, Jan 10, 2003 at 05:10:48PM -0600, McNutt, Justin M. wrote:
> Oh, by the way, whatever event this is happens often enough on our
> network that long-term captures encounter this quite a bit.

The event appears to be "not having the first packet of a 3-way NTLMSSP negotiation in the capture".

The only way that'd happen a lot would be if you were unlucky - there's an SMB Negotiate Protocol response in the capture, but the matching Negotiate Protocol request, which probably contains the first packet of the NTLMSSP negotiation, is missing. It's probably just bad luck, not somebody doing something bad.

I'll check in a fix to avoid the null-pointer dereference that this causes, although I'd have to stare a bit more at the GSS-API and SPNEGO specs to see whether it's possible to figure out from the first packet that the responseToken in the second packet is an NTLMSSP response.
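
The failure mode discussed in this message, as an added C example that is not Ethereal's code and not the fix that was checked in: a dissector that keeps per-conversation state from the first NTLMSSP message must check the lookup result before using it, because a capture can begin mid-negotiation. The names `conv_state`, `conv_find`, `conv_new` and `dissect_token` are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CONVS 8
enum result { MALFORMED = -1, OK = 0, NO_PRIOR_STATE = 1 };
/* Hypothetical per-conversation state, created when the first (NEGOTIATE) message is seen. */
struct conv_state { int in_use; uint32_t id; uint32_t negotiate_flags; };
static struct conv_state convs[MAX_CONVS];
/* Constructed samples: "NTLMSSP\0" signature, little-endian message type, then flags. */
static const uint8_t sample_negotiate[] = {'N','T','L','M','S','S','P',0, 1,0,0,0, 0x07,0x82,0x08,0xa2};
static const uint8_t sample_challenge[] = {'N','T','L','M','S','S','P',0, 2,0,0,0}; /* header only */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns NULL when no state exists, e.g. the first packet is not in the capture. */
static struct conv_state *conv_find(uint32_t id) {
    for (int i = 0; i < MAX_CONVS; i++)
        if (convs[i].in_use && convs[i].id == id) return &convs[i];
    return NULL;
}

static struct conv_state *conv_new(uint32_t id) {
    for (int i = 0; i < MAX_CONVS; i++)
        if (!convs[i].in_use) { convs[i].in_use = 1; convs[i].id = id; return &convs[i]; }
    return NULL; /* table full */
}

enum result dissect_token(uint32_t conv_id, const uint8_t *buf, size_t len) {
    if (len < 12 || memcmp(buf, "NTLMSSP\0", 8) != 0) return MALFORMED;
    uint32_t type = le32(buf + 8);
    struct conv_state *st = conv_find(conv_id);
    if (type == 1) {                       /* NEGOTIATE: create the state */
        if (len < 16) return MALFORMED;
        if (st == NULL && (st = conv_new(conv_id)) == NULL) return NO_PRIOR_STATE;
        st->negotiate_flags = le32(buf + 12);
        return OK;
    }
    if (type != 2 && type != 3) return MALFORMED;
    /* CHALLENGE or AUTHENTICATE: check before use instead of dereferencing NULL. */
    if (st == NULL) return NO_PRIOR_STATE; /* decode only what needs no earlier state */
    return OK;
}

int main(void) {
    printf("challenge, no negotiate seen: %d\n", (int)dissect_token(1, sample_challenge, sizeof sample_challenge));
    printf("negotiate: %d\n", (int)dissect_token(2, sample_negotiate, sizeof sample_negotiate));
    return 0;
}
```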