Project

General

Profile

Actions
Copy link

Bug #2528

closed
JT PC

krb parser not always parsing tgs responses

Bug #2528: krb parser not always parsing tgs responses

Added by Jason Taylor almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Pierre Chifflier
Target version:
4.1.1
Affected Versions:
4.1
Effort:
Difficulty:
Label:

Description

I am testing out the krb5 parser and I am seeing what appear to be
inconsistent results.

One pcap (krb5.good.pcap) parses out the tgs response in the json log.

The second pcap (krb5.bad.pcap) doesn't parse out the tgs response in
the json log.

Attached are the logs from the suricata runs, build info and pcaps.

After some initial troubleshooting in IRC, victorj/pollux said it looks like there is an issue in krb5 parser as well as possibly something additional in suricata.

Files

Download all files
suri.outinfo.txt (2.32 KB) suri.outinfo.txt Jason Taylor, 07/10/2018 05:06 PM
krb5.sample.zip (14.7 KB) krb5.sample.zip Jason Taylor, 07/10/2018 05:06 PM
suri.buildinfo.txt (3.38 KB) suri.buildinfo.txt Jason Taylor, 07/10/2018 05:06 PM
Actions
Copy link

Also available in: PDF Atom