author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2011-09-21 07:35:51 +0000 |
---|---|---|
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2011-09-21 07:35:51 +0000 |
commit | 9db6d4065699e4b1128ac798f674dcbf3e0a43a2 (patch) | |
tree | ceb35affc2c80067b78b1daed782613d272ca6b2 /epan/dissectors/packet-ses.c | |
parent | 3e7c0390d77e9288fc7048f4d0f0e833a2a4d9f4 (diff) |
Basic RDP dissection, which can dissect the connection sequence.
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g. those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
Diffstat (limited to 'epan/dissectors/packet-ses.c')
-rw-r--r-- | epan/dissectors/packet-ses.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ses.c b/epan/dissectors/packet-ses.c
index 4f07705851..09115acf4b 100644
--- a/epan/dissectors/packet-ses.c
+++ b/epan/dissectors/packet-ses.c
@@ -1206,7 +1206,7 @@ dissect_ses(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 * If so, dissect it as such (GIVE_TOKENS and DATA_TRANSFER have
 * the same SPDU type value).
 */
- if (type == SES_PLEASE_TOKENS || type == SES_GIVE_TOKENS)
+ if ((type == SES_PLEASE_TOKENS) || (type == SES_GIVE_TOKENS))
 offset = dissect_spdu(tvb, offset, pinfo, tree, TOKENS_SPDU, FALSE);
@@ -1992,6 +1992,15 @@ dissect_ses_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 if (tvb_length(tvb) < len) return FALSE; /* no */
+ /* final check to see if the next SPDU, if present, is also valid */
+ if (tvb_length(tvb) > len) {
+ type = tvb_get_guint8(tvb, offset + len + 1);
+ /* check SPDU type */
+ if (match_strval(type, ses_vals) == NULL) {
+ return FALSE; /* no, it isn't a session PDU */
+ }
+ }
+ dissect_ses(tvb, pinfo, parent_tree);
 return TRUE;
 } |
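Review bot: The look-ahead added to dissect_ses_heur reads a byte at `offset + len + 1`, but its guard `tvb_length(tvb) > len` only guarantees that index `len` exists. A buffer that ends at or just past the first SPDU therefore makes `tvb_get_guint8` throw a bounds exception, so the heuristic aborts on untrusted capture data instead of returning a verdict. The guard should test the same index that is read, for example `if (tvb_length_remaining(tvb, offset + len + 1) > 0) {`. The computation of `offset` and `len` lies outside the hunk, so whether `len` already counts the SPDU type octet needs confirming against the earlier lines of the function.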