authorsahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2005-12-07 13:14:09 +0000
committersahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2005-12-07 13:14:09 +0000
commit605834cf0fcddf03f8f5cc5221d4f23fabe90f66 (patch)
treeb8ad1d872e09fc2cda139165b11364e9972f51fa /epan/dissectors/packet-smb2.h
parent4397f27006e36d230c163f253b1267992a15df47 (diff)
tap the ntlmssp protocol and extract the account/domain names when users authenticate.
If known, put the account name, domain name, host name and the frame in which the user authenticated in an expansion below UID in the SMB2 header git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16723 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-smb2.h')
-rw-r--r--epan/dissectors/packet-smb2.h10
1 files changed, 10 insertions, 0 deletions
diff --git a/epan/dissectors/packet-smb2.h b/epan/dissectors/packet-smb2.h
index f643eb181d..8a783b972a 100644
--- a/epan/dissectors/packet-smb2.h
+++ b/epan/dissectors/packet-smb2.h
@@ -65,6 +65,14 @@ typedef struct _smb2_tid_info_t {
char *name;
} smb2_tid_info_t;
+typedef struct _smb2_uid_info_t {
+ guint64 uid;
+ guint32 auth_frame;
+ char *acct_name;
+ char *domain_name;
+ char *host_name;
+} smb2_uid_info_t;
+
/* Structure to keep track of conversations and the hash tables.
* There is one such structure for each conversation.
*/
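Review bot: The three `char *` members of the new `smb2_uid_info_t` (`acct_name`, `domain_name`, `host_name`) have no comment saying who allocates them, how long they live, or whether they may be NULL. The commit message says they are extracted from NTLMSSP authentication traffic and shown only "if known", so they are capture-derived and presumably optional, but the header does not say so. I would add a comment above the struct along the lines of `/* Identity learned from the NTLMSSP tap for one session id; strings may be NULL if the authentication was not seen */`, plus the allocation scope once confirmed against packet-smb2.c, which is not part of this diff. Code that displays these fields should treat them as untrusted text from the wire, with no assumption about length or content.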
@@ -73,6 +81,7 @@ typedef struct _smb2_conv_info_t {
GHashTable *unmatched;
GHashTable *matched;
GHashTable *tids;
+ GHashTable *uids;
} smb2_conv_info_t;
/* This structure contains information from the SMB2 header
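Review bot: `uids` is added beside `tids` with no note on what it is keyed by, and the key is a `guint64` (`uid` in `smb2_uid_info_t`), whereas `tid` is a `guint32`. A 64-bit value does not fit in a pointer-sized key on 32-bit builds. If the table were set up like one for a 32-bit id, with the value cast into the key pointer, the upper half would be dropped and two sessions could resolve to the same entry, so a frame could be annotated with another session's account name. The table creation lives in packet-smb2.c, outside this diff, so it is worth confirming that the hash and equal functions cover all 64 bits through a pointer to the stored `uid`. I would record that here as `GHashTable *uids; /* smb2_uid_info_t entries, keyed by pointer to the 64-bit uid */`.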
@@ -84,6 +93,7 @@ typedef struct _smb2_info_t {
guint32 ioctl_function;
guint32 status;
guint32 tid;
+ guint64 uid;
guint64 seqnum;
gboolean response; /* is this a response ? */
smb2_conv_info_t *conv;