diff options
author | gal <gal@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-09-30 15:21:16 +0000 |
---|---|---|
committer | gal <gal@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-09-30 15:21:16 +0000 |
commit | 739efd9ac4cda2c562223a6ca69cab3340aca538 (patch) | |
tree | 0b106c207b583bf2793678d0ad4c667139e9e024 /epan/dissectors/packet-ntlmssp.c | |
parent | 7191c057be953f8c551e0d189ff97c30bce1fb65 (diff) |
Microsoft Credential Security Support Provider (CredSSP) support.
Used by direct approach RDP for NTLMSSP authentication under SSL.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39196 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-ntlmssp.c')
-rw-r--r-- | epan/dissectors/packet-ntlmssp.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c index 7188c70015..f75c8d1578 100644 --- a/epan/dissectors/packet-ntlmssp.c +++ b/epan/dissectors/packet-ntlmssp.c @@ -1750,7 +1750,7 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset, data_start = MIN(data_start, item_start); data_end = MAX(data_end, item_end); - col_append_fstr(pinfo->cinfo, COL_INFO, ", User: %s\\%s", + col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ", "User: %s\\%s", ntlmssph->domain_name, ntlmssph->acct_name); /* hostname */ @@ -2164,7 +2164,7 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) ntlmssph->type = tvb_get_letohl (tvb, offset); offset += 4; - col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", + col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ","%s", val_to_str(ntlmssph->type, ntlmssp_message_types, "Unknown message type")); @@ -2204,6 +2204,18 @@ dissect_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /*tap_queue_packet(ntlmssp_tap, pinfo, ntlmssph);*/ } +static gboolean +dissect_ntlmssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + + if(tvb_memeql(tvb, 0, "NTLMSSP", 8) == 0) { + + dissect_ntlmssp(tvb, pinfo, parent_tree); + return TRUE; + } + + return FALSE; +} /* @@ -3021,6 +3033,9 @@ proto_reg_handoff_ntlmssp(void) DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP, &ntlmssp_seal_fns); ntlmssp_tap = register_tap("ntlmssp"); + + heur_dissector_add("credssp", dissect_ntlmssp_heur, proto_ntlmssp); + } /* |