Re: [Wireshark-users] Decoding GSS-API between client/server

[Brian Atkins]

The innerContext is Kerberos, so I'd like to see the Mechanism and innerContextToken, so I can then decode the innerContextToken as Krb5 and see the ticket, etc. I can see the TGS-REP coming back to the client before it started GSS with the server.   I have the server's keytab file.  Shouldn't I be able to decrypt the enc-part of the service ticket in the TGS-REP?  I don't see where in the GUI to cause that to be decoded (I did specify the keytab file in the protocol settings for the kerberos protocol). Ultimately, my goal is to see the Microsoft authorization PAC, which I'm trying to use in my code to perform authorization.  Thanks! Brian Atkins Guy Harris wrote: Brian Atkins wrote: I'm trying to decode the GSS-API conversation between a client and server. I can see the traffic on the designated port, but when I select "Decode As", the GSS-API protocol doesn't appear. It's not a "protocol" *per se*. It's not something that usually (if ever) occurs by itself, rather than encapsulated in some protocol such as ONC RPC, DCE RPC, HTTP, DNS, LDAP, SMB, etc.. The encapsulations differ enough that there's no "generic" GSS-API dissector used by all of them - the dissectors for those protocols independently incorporate knowledge of how to call GSS-API dissector functions. What protocol is using GSS-API in your case? _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.2/1223 - Release Date: 1/13/2008 8:23 PM -- Brian Atkins Solutions Architect Indicative Software, Inc. From Visibility to Vision www.indicative.com Mobile: +1 919.757.7054

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users