Hi Julien,

Please file a Wireshark bug report for this and include all your attachments with all of this information. This way, the patch won't be forgotten. It may take a while before someone has a chance to look at it.

Thanks.
- Chris

-----Original Message-----
From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Julien Kerihuel
Sent: Sunday, December 05, 2010 5:22 PM
To: wireshark-dev@wireshark.org; samba-techni...@lists.samba.org
Cc: Development list
Subject: [Wireshark-dev] [PATCH] Outlook anywhere: ncacn_http support

Hi Lists,

I've just finished writing a ncacn_http dissector for Wireshark which provides the ability to dissect Outlook anywhere packets properly (as specified by the [MS-RPCH].pdf documentation).

I have attached to this email all the material needed to test the patch:

- stunnel.pem: the SSL RSA key to use to decrypt the SSL'd capture
- sample_outlook_anywhere_ssl.pcap: the capture with SSL enabled and including RTS + nspi, rfr, mapi packets
- sample_outlook_anywhere_not_ssl.pcap: the capture performed on lo without SSL enabled and filtered to show only RTS packets.

Relevant RTS packets can be displayed using the (dcerpc.pkt_type == 20) filter.

The patch also adds some fuzzy naming on RTS packets given MS-RPCH specifications. They define these PDU bodies through the flags, number of commands fields and command sequences.

FYI, this capture was done between Outlook 2010 and Exchange 2010 using a local SSL proxy to avoid Diffie-Hellman algorithm usage (default with Exchange 2010). In this scenario:

- 192.168.0.120 is the Outlook 2010 client
- 192.168.0.103 is the SSL proxy

I have also added to the email the dcerpc.idl patch for Samba4 which adds the associated IDL for RTS support:

00001-Add-ncacn_http-RTS-IDL-implementation-in-dcerpc.idl.patch

It probably doesn't respect the usual Samba4 naming convention, but I thought it would be more useful in this form so you can change the fields to any names you prefer.

Kind Regards,
Julien.

--
Julien Kerihuel
j.kerih...@openchange.org
OpenChange Project Manager/Developer/Maintainer
GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev