NTLMSSP, the state of the RC4 stream is dependent on the stub being
decrypted before the verifier.
Correctly set the length and reported length of the tvb for the stub
(the reported length of that tvb should be set based on the *reported*
length of the parent tvbuff, not the captured length).
svn path=/trunk/; revision=11938
and "if (!tree)" checks updates the Info column and calls subdissectors,
so we can't bypass all of it - don't bypass any of it.
svn path=/trunk/; revision=11903
so that IF kerberos succeeds in decrypting a blob it can print a nice
"[Decrypted using: keytab principal foo/bar@REALM]"
or
"[Decrypted using: key learnt from frame xx]"
This makes it much easier to keep track of what keys decrypt what blob
and is very useful for illustrating the sequence of keys that are exchanged and used in kerberos during the AS/TGS/AP exchanges.
svn path=/trunk/; revision=11853
ethereal used to (bug) print in the summary line
"[Continuation to #%d]" where %d was the current frame number.
Fix this bug and let %d print the frame number of the first frame for this multiframe PDU.
(Strange that no one has complained about this one)
svn path=/trunk/; revision=11852
make ethereal attempt to automatically detect wether header digest is used or not for iscsi sessions.
This makes ethereal decode the packets properly EVEN for perfectly normal sessions where
the discovery session is performed with no digest but the normal login session negotiates digest.
the detected headerdigest setting is tcp session wide and thus it
it does not work for such initiators (if such exist) that resuse the same socketpair between the discovery and normal login sessions.
svn path=/trunk/; revision=11850
later this soon to be implemented structure (and not the conversation) will
hold the information we need to track wether
digests etc are in use or not.
this also allows some minor indentation cleanups as well.
svn path=/trunk/; revision=11848
try to access the conversation structures unless the
proper preferences are enabled (so that the structs exists iun the first place)
svn path=/trunk/; revision=11845
If window scaling is NOT offered in the SYN+ACK then window scaling will
not be used at all, so clear it if we saw it offered previously in the SYN packet.
If the window is scaled in a packet, make ethereal display that by appendign the
string " (scaled)" to the end of the tcp.window line in the
decode pane.
svn path=/trunk/; revision=11837
1. Fix Fax Number NDS attribute. This was causing malformed
packet message due to improper decoding.
2. Do not try to decode packet beyond connection status when
return value is non-zero (error condition).
svn path=/trunk/; revision=11836
This tag was part of an early kerberos draft but had dissapeared
when 1510 was published.
this early draft exist in implementations in the wild.
add 4 extra checksum types as well from that draft.
svn path=/trunk/; revision=11834
references to a packet - just re-"decrypt" it (not a lot of work, given
the sophisticated encryption MAPI uses). We don't save decrypted data
for non-trivial encryptions, so there's not much of a reason to save it
here - and the code to save it was at least sometimes not finding it
again, causing crashes.
Set the length and reported length of the decrypted data tvbuff
appropriately.
svn path=/trunk/; revision=11812
From Luis Ontanon: add some fields for filtering r packet-isup which adds A,B and C numbers to the
fields (that is called,calling and redirecting number). Changed the patch to not use hidden fields and some code clean up
svn path=/trunk/; revision=11811
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
I (hopefully) didn't changed any protocol fields or preference file names, but only the GUI labels appearing in the protocol display and the protocol preferences.
Also added a note to the protocol preferences (where appropriate), that you have to enable "Allow subdissectors to reassemble TCP streams" at the corresponding protocol settings for TCP reassembling to take effect.
If you encounter any mistakes I've made here, please let me know...
svn path=/trunk/; revision=11784
fields (that is called,calling and redirecting number). Changed the patch to not use hidden fields and some code clean up.
svn path=/trunk/; revision=11780
the NTLMv2 blob, so don't bother dissecting it for now - perhaps we
should see how much of the NTLMv2 response remains, and, if there is
any, put it into the tree as extra data.
svn path=/trunk/; revision=11765
encapsulated options, just give up on the option in which they're
encapsulated.
Note that for the Relay Message option, we should perhaps dissect the
option data as a DHCP message, not just a sequence of options.
svn path=/trunk/; revision=11756
produces some floating-point noise in the nanoseconds field; we've
required 64-bit integer support for a while, so use that.
svn path=/trunk/; revision=11754
- test for NULL conversation data to avoid a potential crash when
looking up stream setup info (as RTP dissector does);
- adds a heuristic function (like RTP, this is a preference
initially set to off).
svn path=/trunk/; revision=11748
byte - and a length of 1 is used to put the message digest into the
protocol tree, which agrees with that. Therefore, "tvb_get_guint8()"
should be used to fetch it.
svn path=/trunk/; revision=11746
(or, as that documentation calls it, the language name) is the database
name; mark it as such.
It also says there's some other stuff, such as a client MAC address,
after the database offset/length (and that the NTLMSSP message doesn't
come right after the database offset/length, there's an offset/length
for the NTLMSSP message). Put in a comment about that.
svn path=/trunk/; revision=11713
protocol "dhcpfo", to match the filter names of its fields; that - or
changing the long name or abbreviation of the protocol - fixes the core
dump (which was in a check for a name being legal).
svn path=/trunk/; revision=11631
ISC DHCP Server 3.0 failover protocol dissection
Note: I tried to make the port configurable via prefs
but failed to do so: It always cashed on startup so it
is commented out for now.
svn path=/trunk/; revision=11630
1. define new TDS packet type (17) - NTLM authentication packet. Call
the ntlmssp dissector to dissect it when needed.
2. define new TDS packet type (18) - donno what it is exactly, but it's
there. Will dissect it someday.
3. heuristic in netlib_check_login_pkt should also check port 2433.
4. unify the dissection of msg and err token. They have the same
structure.
5. improve the dissection of the above mentioned token.
svn path=/trunk/; revision=11616
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
NTLMSSP-related than SMB-related, and documents about NTLMSSP talk about
it, so it's a little more convenient to keep all that stuff together -
and export it through a packet-ntlmssp.h header.
svn path=/trunk/; revision=11585
"Negotiate 56", meaning that 56-bit encryption is supported - and that
"Negotiate 128" means that 128-bit encryption is supported, so note that
in the blurb for that flag.
It also says that the values for "Request Init Response", "Request Accept
Response", and 'Request Non-NT Session Key" are a factor of 16 away from
what our #defines say they are, and that 0x000[124]0000 are "Target Type
{Domain,Server,Share}". Note that in a comment.
svn path=/trunk/; revision=11582
check whether "match_strval()" returned a null pointer before
using its return value;
mark the end-of-burst packet.
Clean up white space.
svn path=/trunk/; revision=11551
31A and 31B in the 2000 and later 802.3 specs. (Dissecting them is left
as an exercise for the student.)
Clean up whitespace a bit.
svn path=/trunk/; revision=11536
the distribution, as was the case in the past.
Arrange that RCS IDs be expanded, and that the EOL style be native, for
epan/dissectors/Makefile.{am,common,nmake}.
svn path=/trunk/; revision=11532
before running it (printing echo commands puts extra gunk into the
output), and remove some additional generated files when doing "make
distclean".
svn path=/trunk/; revision=11517
x509af is now virtually complete (the attribute userPassword still needs
an attribute dissector but after that, x509af is complete)
svn path=/trunk/; revision=11510
explicitly pass NULL as the tree argument to
"dissect_ndr_uint32()" - "tree", which was passed before, was
definitely null at that point, and the intent is that it not put
anything into the protocol tree;
use the correct offset when putting items into the protocol tree
(the offset has been advanced just past the end of the field at
the time the items are being put into the protocol tree).
svn path=/trunk/; revision=11506
use this and create a new tvbsubset so that
1, reading too much data is flagged as MALFORMED PACKET indicating a bug in the dissector (or a packet that IS malformed)
2, this also implicitely passes the length of the data through the ber.oid dissector handle in case we want to pick it up later.
svn path=/trunk/; revision=11490
(see how good it is to put markers for emacs macros in the files, it was pretty quick, wasnt it? i even tested the resulting code.)
svn path=/trunk/; revision=11481
Also implement the attribute organizationName which is of this type.
(Add magic comments so emacs-macros will be happy.)
svn path=/trunk/; revision=11479
in promiscuous mode, packets captured promiscuously show up as 802.11
packets encapsulated in Ethernet, with an Ethernet type of 0x2452.
svn path=/trunk/; revision=11451
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410