Wireshark mailing list archives
Re: SSL LDAP dialog - bad request interpretation?
From: Gerald Combs <gerald () wireshark org>
Date: Tue, 26 Apr 2011 08:31:40 -0700
This was fixed in 1.4.5. 1.4.6 is the latest (and recommended) version. On 4/25/11 11:22 PM, Frantisek Hanzlik wrote:
I use wireshark (Version 1.4.4 Linux Fedora 14 i686) to decode SSL LDAP communication between System Security Services Daemon (sssd) and openldap server. All three pieces SW (wireshark, sssd, slapd) runs on one machine, communication go through IPv4 loopback interface. It seems as wireshark bad decode (TLS/SSL) LDAP request: - in Packet List window is packet marked as "Malformed" - in Packed Detail is line: (Error/Undecoded): Filter length exceeds 4096. Giving up although packed itself has only 500 Byte (at TCP layer) - Packet Detail not contains all requests detail. Openldap server response seems fine and wireshark probably decode and display it fine too. Wireshark version details (copied from About window): ===== Compiled (32-bit) with GTK+ 2.22.0, with GLib 2.26.0, with libpcap 1.1.1, without libz, without POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 28 2009), without AirPcap. Running on Linux 2.6.35.12-88.fc14.i686.PAE, with libpcap version 1.1.1, GnuTLS 2.8.6, Gcrypt 1.4.5. Built using gcc 4.5.1 20100924 (Red Hat 4.5.1-4). ===== Unfortunately I cannot send plain non-ssl dialog, as sssd daemon not allow that (even on loopback), I think. I attach printscreen and 5 packets LDAP dialog export to plain text. Excuse me in case when there is another problem, but I cannot explain this case in other manner. Can anyone? Thanks, Franta Hanzlik ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
-- Join us for Sharkfest ’11! · Wireshark® Developer and User Conference Stanford University, June 13-16 · http://sharkfest.wireshark.org ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- SSL LDAP dialog - bad request interpretation? Frantisek Hanzlik (Apr 26)
- Re: SSL LDAP dialog - bad request interpretation? Gerald Combs (Apr 26)