Wireshark mailing list archives

Re: [PATCH] Outlook anywhere: ncacn_http support


From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
Date: Mon, 6 Dec 2010 11:15:22 -0500

Hi Julien,
Please file a Wireshark bug report for this and include all your attachments with all of this information.  This way, the patch won't be forgotten.  It may take a while before someone has a chance to look at it.
Thanks.
- Chris

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Julien Kerihuel
Sent: Sunday, December 05, 2010 5:22 PM
To: wireshark-dev () wireshark org; samba-technical () lists samba org
Cc: Development list
Subject: [Wireshark-dev] [PATCH] Outlook anywhere: ncacn_http support

Hi Lists,

I've just finished writing an ncacn_http dissector for Wireshark which provides the ability to dissect Outlook anywhere packets properly (as specified by the [MS-RPCH].pdf documentation).

I have attached to this email all the material needed to test the patch:
        - stunnel.pem: the SSL RSA key to use to decrypt the SSL'd capture
        - sample_outlook_anywhere_ssl.pcap: the capture with SSL enabled
        and including RTS + nspi, rfr, mapi packets
        - sample_outlook_anywhere_not_ssl.pcap: the capture performed on
        lo without SSL enabled and filtered to show only RTS packets.

Relevant RTS packets can be displayed using the (dcerpc.pkt_type == 20) filter.

The patch also adds some fuzzy naming on RTS packets given the MS-RPCH specifications. They define these PDU bodies through the flags, number of commands fields and command sequences.

FYI, this capture was done between Outlook 2010 and Exchange 2010 using a local SSL proxy to avoid Diffie-Hellman algorithm usage (default with Exchange 2010).

In this scenario:
        - 192.168.0.120 is the Outlook 2010 client
        - 192.168.0.103 is the SSL proxy

I have also added to the email the dcerpc.idl patch for Samba4 which adds the associated IDL for RTS support:
00001-Add-ncacn_http-RTS-IDL-implementation-in-dcerpc.idl.patch

It probably doesn't respect the usual Samba4 naming convention, but I thought it would be more useful in this form so you can turn fields to any names you prefer.

Kind Regards,
Julien.

--
Julien Kerihuel
j.kerihuel () openchange org
OpenChange Project Manager/Developer/Maintainer

GPG Fingerprint: 0B55 783D A781 6329 108A  B609 7EF6 FE11 A35F 1F79
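
An added example, not part of the attached patch or of Wireshark: a minimal Python parser that pulls out the three things the message says identify an RTS PDU body (flags, number of commands, command sequence) from a packet with pkt_type 20. The command table and sizes are assumptions based on a reading of [MS-RPCH], only fixed-size commands are handled, and `build_sample` produces a constructed PDU, not data from the attached captures.

```python
import struct

RTS_PTYPE = 20  # the value matched by the dcerpc.pkt_type == 20 filter
# Command type -> (name, body length in bytes). Assumed from [MS-RPCH];
# variable-length commands (Padding, ClientAddress) are deliberately left out.
COMMANDS = {0: ("ReceiveWindowSize", 4), 1: ("FlowControlAck", 24),
            2: ("ConnectionTimeout", 4), 3: ("Cookie", 16),
            4: ("ChannelLifetime", 4), 5: ("ClientKeepalive", 4),
            6: ("Version", 4), 7: ("Empty", 0), 9: ("NegativeANCE", 0),
            10: ("ANCE", 0), 12: ("AssociationGroupId", 16),
            13: ("Destination", 4), 14: ("PingTrafficSentNotify", 4)}

def parse_rts(pdu: bytes) -> dict:
    """Return flags, command count and command-name sequence of one RTS PDU."""
    if len(pdu) < 20:
        raise ValueError("truncated RTS header (need 20 bytes)")
    if pdu[0] != 5 or pdu[2] != RTS_PTYPE:
        raise ValueError("not a DCE/RPC v5 RTS PDU")
    # drep[0] high nibble selects integer byte order: 1 = little-endian.
    end = "<" if pdu[4] & 0xF0 == 0x10 else ">"
    frag_len, _auth_len, _call_id, flags, ncmds = struct.unpack_from(
        end + "HHIHH", pdu, 8)
    if frag_len != len(pdu):
        raise ValueError("frag_length does not match PDU size")
    names, off = [], 20
    for _ in range(ncmds):
        if off + 4 > len(pdu):
            raise ValueError("command list runs past the PDU")
        (ctype,) = struct.unpack_from(end + "I", pdu, off)
        if ctype not in COMMANDS:
            raise ValueError(f"unsupported command type {ctype}")
        name, size = COMMANDS[ctype]
        off += 4 + size
        if off > len(pdu):
            raise ValueError(f"{name} body runs past the PDU")
        names.append(name)
    return {"flags": flags, "ncmds": ncmds, "commands": names}

def build_sample() -> bytes:
    """Constructed little-endian RTS PDU carrying four commands."""
    body = struct.pack("<II", 6, 1)                 # Version = 1
    body += (struct.pack("<I", 3) + bytes(16)) * 2  # two Cookie commands
    body += struct.pack("<II", 0, 65536)            # ReceiveWindowSize
    hdr = struct.pack("<BBBB4sHHIHH", 5, 0, RTS_PTYPE, 0x03,
                      b"\x10\x00\x00\x00", 20 + len(body), 0, 0, 0, 4)
    return hdr + body
```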

