-rw-r--r--src/lib/protocols/kerberos.c9
-rw-r--r--tests/pcap/kerberos-error.pcapbin0 -> 537 bytes
-rw-r--r--tests/result/kerberos-error.pcap.out8
-rw-r--r--tests/result/kerberos.pcap.out2
4 files changed, 17 insertions, 2 deletions
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 9d2969e51..176bb2eab 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -424,7 +424,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
return;
} else if(kerberos_len == expected_len) {
- if(packet->payload_packet_len > 128) {
+ if(packet->payload_packet_len > 64) {
u_int16_t koffset, i;
for(i=8; i<16; i++)
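Review bot: Lowering the floor to `if(packet->payload_packet_len > 64)` halves the slack that any fixed-offset read further down this branch may have been relying on, so each `packet->payload[...]` access below should be checked against `payload_packet_len` on its own rather than leaning on this guard. The loop header visible here stops at index 15, which 64 still covers, but `koffset` and the offsets derived from it are computed outside the hunk, so I cannot confirm they stay in bounds for a 65-byte payload. The constant is also unexplained; a comment such as `/* KRB-ERROR messages can be shorter than 128 bytes */` would record why it changed, if that is indeed the reason. The function body starts and continues outside the hunk.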
@@ -444,6 +444,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
if(((packet->payload[koffset] == 0x0A)
|| (packet->payload[koffset] == 0x0C)
+ || (packet->payload[koffset] == 0x1E)
|| (packet->payload[koffset] == 0x0D)
|| (packet->payload[koffset] == 0x0E))) {
u_int16_t koffsetp, body_offset = 0, pad_len;
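Review bot: The new `0x1E` comparison is inserted between `0x0C` and `0x0D`, which breaks the ascending order of the list, and the same value is written as `0x1e` in the later hunk at the `msg_type == 0x1e` branch. A single named constant used in both places would keep the two checks from drifting apart, for example `#define KERBEROS_MSG_TYPE_ERROR 0x1E /* KRB-ERROR */`, with the comparison moved to the end of the condition. The other literals here would benefit from the same treatment or at least a trailing comment naming each message type. `koffset` is set outside the hunk, so whether it is bounded before `packet->payload[koffset]` is read cannot be confirmed from these lines.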
@@ -679,6 +680,12 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
sport, dport, flow->protos.kerberos.hostname, flow->protos.kerberos.domain,
flow->protos.kerberos.username);
flow->extra_packets_func = NULL;
+ } else if(msg_type == 0x1e) /* Error */ {
+#ifdef KERBEROS_DEBUG
+ printf("[Kerberos] Processing KRB-Error\n");
+#endif
+ /* Nothing specific to do; stop dissecting this flow */
+ flow->extra_packets_func = NULL;
}
return;
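Review bot: The KRB-Error branch stops dissection without reading anything from the message, and the comment "Nothing specific to do" does not say that this is a deliberate choice. For anyone using the flow metadata for monitoring, the error code is the field that distinguishes an unknown principal from a failed or required pre-authentication, so it is worth stating that it is intentionally skipped, e.g. `/* KRB-ERROR: error-code and e-text are not parsed; stop dissecting this flow */`. If the code is ever extracted, its offset must be validated against `payload_packet_len`, given the lower length floor introduced in the first hunk. The enclosing if/else chain begins outside the hunk.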
diff --git a/tests/pcap/kerberos-error.pcap b/tests/pcap/kerberos-error.pcap
new file mode 100644
index 000000000..249e23454
--- /dev/null
+++ b/tests/pcap/kerberos-error.pcap
Binary files differ
diff --git a/tests/result/kerberos-error.pcap.out b/tests/result/kerberos-error.pcap.out
new file mode 100644
index 000000000..79692fd81
--- /dev/null
+++ b/tests/result/kerberos-error.pcap.out
@@ -0,0 +1,8 @@
+Guessed flow protos: 0
+
+DPI Packets (UDP): 2 (2.00 pkts/flow)
+Confidence DPI : 1 (flows)
+
+Kerberos 2 481 1
+
+ 1 UDP 148.151.79.183:34473 <-> 144.199.10.233:88 [VLAN: 2008][proto: 111/Kerberos][ClearText][Confidence: DPI][cat: Network/14][1 pkts/333 bytes <-> 1 pkts/148 bytes][Goodput ratio: 86/68][0.36 sec][linux.shell.com\mus-n-cj0709][PLAIN TEXT (LINUX.SHELL.COM)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/kerberos.pcap.out b/tests/result/kerberos.pcap.out
index 27377c786..af04f6d53 100644
--- a/tests/result/kerberos.pcap.out
+++ b/tests/result/kerberos.pcap.out
@@ -1,4 +1,4 @@
-Guessed flow protos: 33
+Guessed flow protos: 29
DPI Packets (TCP): 77 (2.14 pkts/flow)
Confidence Unknown : 2 (flows)