when kerberos claims a conversation, it only claims it for the source port
since a KDC MIGTH send the reply back from a different port.
Then comes X.L's capture (ethereal-dev) 816fc4.cap from 16Aug2005 where
the client is reusing the same source port to talk to DNS after finishing
doing the port 88 KDC stuff.
==>
Make kerberos/udp able to test the packet for sanity and reject packets that
do not look like kerberos (even if there was a conversation that said it was kerberos)
and thus let other dissectors have a go at it.
in doubt, try 816fc4.cap before and after this patch :-)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@15405
f5534014-38df-0310-8fa8-
9805f1628bb7
git.samba.org / obnox / wireshark / wip.git / commit