Stefan Metzmacher [Sat, 29 Jan 2022 20:27:05 +0000 (21:27 +0100)]
fix FAST with learnt longterm keys
Stefan Metzmacher [Fri, 28 Jan 2022 15:10:36 +0000 (16:10 +0100)]
epan/dissectors/pidl/drsuapi/drsuapi.cnf unicodePwd, ntPasswdHistory, Newer-Keys
Stefan Metzmacher [Fri, 28 Jan 2022 13:02:34 +0000 (14:02 +0100)]
nthashes
Stefan Metzmacher [Fri, 28 Jan 2022 12:26:48 +0000 (13:26 +0100)]
sq kerberos_inject_longterm_key
Stefan Metzmacher [Fri, 28 Jan 2022 11:35:48 +0000 (12:35 +0100)]
epan/dissectors/pidl/drsuapi/drsuapi.cnf disable debugging
Stefan Metzmacher [Fri, 28 Jan 2022 11:34:59 +0000 (12:34 +0100)]
epan/dissectors/packet-dcerpc.c remove debugging
Stefan Metzmacher [Fri, 28 Jan 2022 11:34:41 +0000 (12:34 +0100)]
epan/dissectors/asn1/spnego/packet-spnego-template.c remove debugging
Stefan Metzmacher [Thu, 27 Jan 2022 18:36:54 +0000 (19:36 +0100)]
regen epan/dissectors/packet-kerberos.*
Stefan Metzmacher [Thu, 27 Jan 2022 18:36:36 +0000 (19:36 +0100)]
regen epan/dissectors/packet-dcerpc-drsuapi.c
Stefan Metzmacher [Thu, 27 Jan 2022 18:36:22 +0000 (19:36 +0100)]
Partly drsuapi_dissect_element_package_PrimaryKerberosKey4_value_
Stefan Metzmacher [Thu, 27 Jan 2022 18:36:03 +0000 (19:36 +0100)]
sq decrypt drsuapi attributes
Stefan Metzmacher [Thu, 27 Jan 2022 18:00:21 +0000 (19:00 +0100)]
sq kerberos_inject_longterm_key
Stefan Metzmacher [Thu, 27 Jan 2022 17:58:12 +0000 (18:58 +0100)]
drsuapi_dissect_element_package_PrimaryKerberosKey*_value
Stefan Metzmacher [Thu, 27 Jan 2022 17:57:05 +0000 (18:57 +0100)]
kerberos_inject_longterm_key
Stefan Metzmacher [Thu, 27 Jan 2022 00:09:23 +0000 (01:09 +0100)]
keys array, but no keys subtree and no value
Stefan Metzmacher [Wed, 26 Jan 2022 23:49:37 +0000 (00:49 +0100)]
fix drsuapi_dissect_element_package_PrimaryKerberosBlob_version
Stefan Metzmacher [Wed, 26 Jan 2022 23:43:21 +0000 (00:43 +0100)]
regen epan/dissectors/packet-dcerpc-drsuapi.c
Stefan Metzmacher [Wed, 26 Jan 2022 22:51:08 +0000 (23:51 +0100)]
TODO drsuapi_dissect_package_PrimaryKerberosBlob
Stefan Metzmacher [Wed, 26 Jan 2022 23:09:51 +0000 (00:09 +0100)]
regen epan/dissectors/packet-dcerpc-drsuapi.c
Stefan Metzmacher [Wed, 26 Jan 2022 22:56:43 +0000 (23:56 +0100)]
epan/dissectors/pidl/drsuapi/drsuapi.cnf INLINE arrays
Stefan Metzmacher [Wed, 26 Jan 2022 22:55:59 +0000 (23:55 +0100)]
tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm TODO INLINE params
Stefan Metzmacher [Wed, 26 Jan 2022 22:55:06 +0000 (23:55 +0100)]
tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm Struct param_info
Stefan Metzmacher [Wed, 26 Jan 2022 23:04:35 +0000 (00:04 +0100)]
regen epan/dissectors/packet-dcerpc-drsuapi.c
Stefan Metzmacher [Wed, 26 Jan 2022 23:01:09 +0000 (00:01 +0100)]
package_dissector_fn_t
Stefan Metzmacher [Wed, 26 Jan 2022 22:53:46 +0000 (23:53 +0100)]
attr_dissector_fn_t
Stefan Metzmacher [Wed, 26 Jan 2022 21:20:12 +0000 (22:20 +0100)]
package dissectors
Stefan Metzmacher [Wed, 26 Jan 2022 20:58:20 +0000 (21:58 +0100)]
wmem_register_callback(pinfo->pool, drsuapi_GByteArray_destroy_cb, bytes);
Stefan Metzmacher [Wed, 26 Jan 2022 17:42:51 +0000 (18:42 +0100)]
hex to bytes epan/dissectors/pidl/drsuapi/drsuapi.cnf
Stefan Metzmacher [Wed, 26 Jan 2022 17:15:37 +0000 (18:15 +0100)]
supplementalCredentialsPackage package array...
Stefan Metzmacher [Wed, 26 Jan 2022 16:42:12 +0000 (17:42 +0100)]
more epan/dissectors/pidl/drsuapi/drsuapi.cnf
Stefan Metzmacher [Tue, 25 Jan 2022 00:49:46 +0000 (01:49 +0100)]
better ...
Stefan Metzmacher [Mon, 24 Jan 2022 23:59:59 +0000 (00:59 +0100)]
decrypt...
Stefan Metzmacher [Mon, 24 Jan 2022 22:28:01 +0000 (23:28 +0100)]
decryption works, but addid doesn't because of unique pointer layers
RID_CRYPT needed...
Stefan Metzmacher [Mon, 24 Jan 2022 22:00:20 +0000 (23:00 +0100)]
decrypt drsuapi attributes
Stefan Metzmacher [Mon, 24 Jan 2022 19:40:02 +0000 (20:40 +0100)]
dcerpc auth_session_key
Stefan Metzmacher [Mon, 24 Jan 2022 18:33:21 +0000 (19:33 +0100)]
epan/dissectors/pidl/drsuapi/drsuapi.idl => pushd epan/dissectors/pidl/ && make ;popd
Stefan Metzmacher [Mon, 24 Jan 2022 17:38:15 +0000 (18:38 +0100)]
TODO epan/dissectors/pidl/drsuapi/drsuapi.idl
Stefan Metzmacher [Sun, 23 Jan 2022 00:19:28 +0000 (01:19 +0100)]
regen
Stefan Metzmacher [Sun, 23 Jan 2022 00:18:56 +0000 (01:18 +0100)]
new PAC stuff TODO
Stefan Metzmacher [Sat, 22 Jan 2022 22:56:47 +0000 (23:56 +0100)]
regen
Stefan Metzmacher [Sat, 22 Jan 2022 22:29:13 +0000 (23:29 +0100)]
Stefan Metzmacher [Sat, 22 Jan 2022 22:28:18 +0000 (23:28 +0100)]
regen epan/dissectors/packet-kerberos.c
Stefan Metzmacher [Sat, 22 Jan 2022 22:26:54 +0000 (23:26 +0100)]
FAST
Stefan Metzmacher [Sat, 22 Jan 2022 21:41:39 +0000 (22:41 +0100)]
sq regen
Stefan Metzmacher [Sat, 22 Jan 2022 21:41:25 +0000 (22:41 +0100)]
sq epan/dissectors/asn1/kerberos/
Stefan Metzmacher [Sat, 22 Jan 2022 21:24:47 +0000 (22:24 +0100)]
regen
Stefan Metzmacher [Sat, 22 Jan 2022 21:24:26 +0000 (22:24 +0100)]
Cope with FAST ordering
Stefan Metzmacher [Mon, 27 Dec 2021 10:53:37 +0000 (11:53 +0100)]
regen
Stefan Metzmacher [Mon, 27 Dec 2021 10:53:15 +0000 (11:53 +0100)]
FAST...
Stefan Metzmacher [Thu, 23 Apr 2020 15:19:45 +0000 (17:19 +0200)]
REGENERATE epan/dissectors/packet-kerberos.c => pushd epan/dissectors/asn1/kerberos && make && popd
Change-Id: Idc9d3a4a4e8ba0db3a002ece7a4c5a0faa480716
Stefan Metzmacher [Sat, 23 May 2020 04:00:20 +0000 (06:00 +0200)]
dummy
Change-Id: I36f0451d3c10a0d7954d7eec909056c0da0e1ea2
Stefan Metzmacher [Mon, 5 Jul 2021 12:10:50 +0000 (14:10 +0200)]
Revert "LATER packet-kerberos: ticket_checksum tmpvtb..."
This reverts commit be72b3cdb9ec0f6c4a54ea398f74fdc40a2b6fed.
Stefan Metzmacher [Mon, 5 Jul 2021 12:08:00 +0000 (14:08 +0200)]
LATER packet-kerberos: ticket_checksum tmpvtb...
Stefan Metzmacher [Mon, 9 Aug 2021 10:04:18 +0000 (12:04 +0200)]
Revert "TODO - test build - packet-kerberos: let decrypt_krb5_data() (of heimdal) use kerberos_all_keys"
This reverts commit 6b34cf2b05305ea0cd42614cd12e038c8b84992f.
Stefan Metzmacher [Thu, 21 May 2020 00:46:41 +0000 (02:46 +0200)]
TODO - test build - packet-kerberos: let decrypt_krb5_data() (of heimdal) use kerberos_all_keys
For now we use kerberos_all_keys, but in future we may select the
map based on passed usage.
Change-Id: I1f29e97aa60a41be3694b75bc4353b3a5dae0eae
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 27 May 2020 08:07:16 +0000 (10:07 +0200)]
Revert "LATER... ei_kerberos_kdc_session_key ..."
This reverts commit 160641c7c203ab757a623fd761e36877289cad49.
Stefan Metzmacher [Thu, 19 Feb 2015 04:40:29 +0000 (05:40 +0100)]
LATER... ei_kerberos_kdc_session_key ...
Change-Id: I2fa88e7f5412f65847da7d127666e2410e43ccb5
Stefan Metzmacher [Wed, 27 May 2020 08:01:31 +0000 (10:01 +0200)]
Revert "LATER... ei_kerberos_kdc_session_key ..."
This reverts commit 5df10f72082ef56e05ed1d2abc02243003d6ca52.
Stefan Metzmacher [Thu, 19 Feb 2015 04:40:29 +0000 (05:40 +0100)]
LATER... ei_kerberos_kdc_session_key ...
Change-Id: I2fa88e7f5412f65847da7d127666e2410e43ccb5
Stefan Metzmacher [Sat, 23 May 2020 03:24:51 +0000 (05:24 +0200)]
Revert "UNUSED enc_key_id_{equal,hash}"
This reverts commit e946bc8cc312bacc4ae415841d326605df582a82.
Stefan Metzmacher [Sat, 23 May 2020 03:19:18 +0000 (05:19 +0200)]
UNUSED enc_key_id_{equal,hash}
Change-Id: I246b813ba9178808a25a548b74f3b235773b5079
Stefan Metzmacher [Wed, 27 May 2020 08:05:28 +0000 (10:05 +0200)]
Revert "TODO packet-kerberos: decrypt_krb5_with_cb avoid kerberos_all_keys if possible"
This reverts commit b05d572969a3b9376bf3166f9793cfc04a707ea8.
Stefan Metzmacher [Sun, 24 May 2020 11:37:02 +0000 (13:37 +0200)]
TODO packet-kerberos: decrypt_krb5_with_cb avoid kerberos_all_keys if possible
Change-Id: If3d0dadb80bf1118c9c019f51b546c25e50455cb
Stefan Metzmacher [Tue, 21 Nov 2017 16:04:59 +0000 (17:04 +0100)]
packet-nmf: TODO more
Change-Id: Id087c6acbde6ba2047e044ca98daf102304afeda
Stefan Metzmacher [Tue, 21 Nov 2017 15:16:43 +0000 (16:16 +0100)]
packet-nmf: initial commit
Change-Id: I11bd7b727c77c5c7bd97421b8833c848cf605001
Stefan Metzmacher [Mon, 29 Nov 2021 18:43:32 +0000 (19:43 +0100)]
sq epan/dissectors/packet-xml.c wmem_packet_scope()
Stefan Metzmacher [Wed, 30 Jun 2021 14:37:33 +0000 (16:37 +0200)]
epan/dissectors/packet-xml.c fix segfault
Stefan Metzmacher [Wed, 25 Oct 2017 09:08:58 +0000 (11:08 +0200)]
epan/dissectors/packet-xml.c no printf
Change-Id: Idd13e4260270f72439273f7562a1f9409e9bb3ef
Stefan Metzmacher [Thu, 19 Oct 2017 08:42:41 +0000 (10:42 +0200)]
epan/dissectors/packet-xml.c try to decrypt data, but the data doesn't look correct yet
Change-Id: I84760941f6da2901eb94a9fc12c76144ef392ad6
Stefan Metzmacher [Wed, 18 Oct 2017 16:35:56 +0000 (18:35 +0200)]
more epan/dissectors/packet-xml.c
Change-Id: Ib4e027d79406ed7ac6cdcefb89cc252ad322b0c8
Stefan Metzmacher [Tue, 17 Oct 2017 15:18:31 +0000 (17:18 +0200)]
Revert "DEBUG epan/dissectors/packet-xml.c"
This reverts commit 2bd4ee0c27e26834cc6db47e18c6c721abfedf45.
Stefan Metzmacher [Tue, 17 Oct 2017 15:18:19 +0000 (17:18 +0200)]
DEBUG epan/dissectors/packet-xml.c
Change-Id: Icfe833203cbcfabd68eb267eabd6659d140cd68f
Stefan Metzmacher [Tue, 17 Oct 2017 15:12:14 +0000 (17:12 +0200)]
epan/dissectors/packet-xml.c o:BinarySecurityToken => GSSAPI
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Change-Id: I412268f29c8a342d3fe9f1996f387484478bd85e
Stefan Metzmacher [Mon, 4 Jan 2016 12:49:23 +0000 (13:49 +0100)]
Revert "fix old idl"
This reverts commit dfcc43164cbbad389a02af420b8eb79bbad19f95.
Stefan Metzmacher [Mon, 4 Jan 2016 12:49:18 +0000 (13:49 +0100)]
Stefan Metzmacher [Sun, 15 Nov 2015 09:49:02 +0000 (10:49 +0100)]
sq h2
Change-Id: I79e3f45456ec118c8f4c1db6702e9e4eac041aa1
Stefan Metzmacher [Sun, 15 Nov 2015 11:17:50 +0000 (12:17 +0100)]
fix old idl
Change-Id: I713fd87769bfe91acea88007d0804d2a0c0ffd6d
Stefan Metzmacher [Sun, 15 Nov 2015 11:18:13 +0000 (12:18 +0100)]
epan/dissectors/pidl/regen.sh
Change-Id: Id72d8ac17893934fe9965ef8608530ac00684af1
Stefan Metzmacher [Tue, 29 Sep 2015 17:25:46 +0000 (19:25 +0200)]
prepare-pidl-patch
Change-Id: Ice5d7fe75438cb33bda4cf10059d80ab165a6eb7
Stefan Metzmacher [Sun, 18 Sep 2016 00:40:14 +0000 (02:40 +0200)]
epan/dissectors/packet-dcerpc.c dcerpc-hardening part1 & part2
Change-Id: I907663775f5ebfe66cb994266f99fc15bf645fb1
Aurelien Aptel [Fri, 23 Aug 2019 14:36:18 +0000 (16:36 +0200)]
wiretap: add support for ETL traces (WAS 66fa3ee6455521f6b9f5c7251c0b5c3728953623)
ETL files are Windows native traces. They can be generated using
netsh:
netsh trace start tracefile=c:\mytrace.etl capture=yes
netsh trace stop
They are quite versatile: they store all sorts of system
information (TCP/IP stack state, processes running, ...) and system
events (syscalls, kernel stacks, ...), including network
traffic. It's pretty much the equivalent of strace, ftrace, /proc/
and tcpdump all bundled into one file.
The API to consume and produce those events on a Windows system is
called ETW and it uses a myriad of different structs, some
undocumented.
https://docs.microsoft.com/en-us/windows/win32/api/evntcons/
ETL files are made of those structs which are simply dumped from
memory. The file format remains undocumented but can be figured out
by looking at the API struct definitions, hexdumps and some
guesswork. Microsoft also has its own tool to explore those traces
(MessageAnalyzer) which was very useful to double-check some of the
findings.
Each event producer is called a Provider and they all have a
GUID. It seems the Provider responsible for generating the network
traffic events is "Microsoft-Windows-NDIS-PacketCapture".
Here is a pseudo-grammar of an ETL file
ETL := ETW_BUFFER+
ETW_BUFFER := WMI_BUFFER_HEADER EVENT+
EVENT := SYSTEM_TRACE_HEADER TRACE_LOGFILE_HEADER
| PERFINFO_TRACE_HEADER
| EVENT_HEADER <-- packets are here
| EVENT_INSTANCE_HEADER
| (other ignored types)
NETMON files use EVENT_HEADER structures similar enough that we can
reuse its dissector. But the structure varies enough that we have
to introduce a new WTAP_ENCAP_ETL value.
This ETL reader reuses existing Wireshark support:
- the netmon dissector will dissect the EVENT_HEADER itself.
- the messageanalyzer dissector knows about the NDIS Provider and
will handle the ETW NDIS sub-payload.
Sample capture:
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=small-system-misc-ping.etl
Bug: 15104
Change-Id: I0092df8b40b6dfe04893a526c484b849a5153bef
Stefan Metzmacher [Wed, 25 Aug 2010 05:14:40 +0000 (07:14 +0200)]
fix for netmon 3.x captures
metze
Stefan Metzmacher [Thu, 12 Mar 2020 12:59:23 +0000 (13:59 +0100)]
Revert "BROKEN: HACK setup decryption keys for kerberos session setups smbclient..."
This reverts commit ba6ef8da4cda1fdb8eacfc9574d1e91963ab1a6a.
Stefan Metzmacher [Tue, 25 Feb 2014 14:37:01 +0000 (15:37 +0100)]
BROKEN: HACK setup decryption keys for kerberos session setups smbclient...
Change-Id: I573e44de014ec318998e1bb612c95d877136594f
WAS:
1a12b30350d3b1252a5b3c0cb86f216bef6382f0 in ws-metze/
20190425
Stefan Metzmacher [Sat, 7 Nov 2015 08:24:45 +0000 (09:24 +0100)]
Revert "reassemble TODO"
This reverts commit 928e5f57d0b4223f9e9460ca0452f64c4887625d.
Stefan Metzmacher [Sat, 7 Nov 2015 08:24:33 +0000 (09:24 +0100)]
reassemble TODO
Change-Id: I391cc75a5699d9de36decddf519c583cab78ca8b
Stefan Metzmacher [Tue, 21 Jun 2016 06:55:35 +0000 (08:55 +0200)]
wmem: allow wmem_destroy_list to ignore a NULL list.
I think this should not lead to a crash.
Change-Id: Ic9d903d355f925b2cd5239d51b42f441679ed771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 13 Nov 2020 14:20:46 +0000 (15:20 +0100)]
packet-dcerpc-netlogon: use SEC_CHAN_* values from packet-dcerpc-misc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 22:16:03 +0000 (00:16 +0200)]
packet-smb2: add AES-256-* decryption
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 26 Jan 2022 16:26:14 +0000 (17:26 +0100)]
packet-ntlmssp: only mark invalid target_info lists without failing the rest
This copes with invalid target info AvPairs, see
https://bugzilla.samba.org/show_bug.cgi?id=14932
and
https://gitlab.com/wireshark/wireshark/-/issues/17817
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 26 Jan 2022 10:17:33 +0000 (11:17 +0100)]
Revert "NTLMv2 dissector: skip target info for AUTHENTICATE_MESSAGE"
This reverts commit e8e6a2c6df5ffaf983bdc8b4ccb88c340df8b6cf.
This introduced regression of skipping valid target_info blobs.
The next commit will fix
https://gitlab.com/wireshark/wireshark/-/issues/17817
in a better way.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Gerald Combs [Tue, 25 Jan 2022 21:46:50 +0000 (13:46 -0800)]
Tools: Remove NPL.
Remove tools/npl. It doesn't appear to be used and hasn't had any
activity for many years. Ping #17897.
John Thacker [Wed, 26 Jan 2022 04:14:24 +0000 (23:14 -0500)]
DTLS-SRTP: Set up SRTP and SRTCP sessions
Use the information in a use_srtp Extension in a Server Hello to
set up SRTP and SRTCP sessions according to RFC 5764. It is RECOMMENDED
that symmetric RTP be used with DTLS-SRTP, and RTP and RTCP traffic may
be multiplexed, so set up all four possible connections.
Fix #17905.
Dario Lombardo [Wed, 19 Jan 2022 15:22:01 +0000 (16:22 +0100)]
ieee80211: initialize local buffers.
Fix valgrind errors for jumps on non-initialized memory.
Fix: #17894.
Anders Broman [Wed, 26 Jan 2022 08:40:54 +0000 (09:40 +0100)]
SIP: Add 3GPP TS 24.229 SIP headers.
Michał Kępień [Tue, 25 Jan 2022 19:58:16 +0000 (20:58 +0100)]
DNS: Base32-encode NSEC3 Next Hashed Owner Name
As the owner name of each NSEC3 record is Base32-encoded, the Next
Hashed Owner Name field in those records should also be displayed in
Base32-encoded form. This enables the user to quickly tell what span of
hashed owner names is covered by a given NSEC3 record.
John Thacker [Wed, 26 Jan 2022 04:20:21 +0000 (23:20 -0500)]
DTLS: comment out unused expert info
Guy Harris [Tue, 25 Jan 2022 08:04:01 +0000 (00:04 -0800)]
realtek: add support for some Realtek protocols.
This could be extended to handle some "switch tags" seen when capturing
from interfaces supporting the Linux DSA mechanism.
Gerald Combs [Tue, 25 Jan 2022 17:51:24 +0000 (09:51 -0800)]
Docs: Update markup in the text2pcap man page.
Add an EditorConfig entry as well.
John Thacker [Wed, 19 Jan 2022 04:31:44 +0000 (23:31 -0500)]
RTCP: Don't always Decode As SRTCP
If RTCP is chosen via Decode As, decode as RTCP.
If SRTCP is chosen via Decode As, decode as SRTCP (assuming that
all packets are encrypted, because we can't tell where the E bit is
in that case.)
If possible [S]RTCP is found via the heuristic dissector, assume either
RTCP or (encrypted) SRTCP based on a preference. Perhaps later the heuristic
dissector could be improved to make a better decision.