Unfortunately Ethereal is really a decoder to help people that can't
decode hex in their head to have a human-readable breakdown of packets. It
really can't teach you by itself how communications protocols work. That said,
you really need to work from the top down. I don't have the trace in front of me,
but I would hope that most of the packets you refer to have something other than
TCP or IP in the protocol field. As a guess I imagine that AS-REQ and TGS-REP
will have "Kerberos" as the protocol (I did a search for TGS-REP on Google and
guess what popped up). What you then need to do is find a reference for Kerberos
(maybe the RFCs or other tutorials). Similarly SAM Logon is to do with NT
Authentication (again from Google) presumably under the SMB or NetBIOS protocol.
Again a reference on these protocols is useful.

Yes, there are lots of general protocol and communications books out there but
unfortunately they always by necessity have a cutoff as far as detail on
specific protocols goes. Fortunately most protocols follow a fairly standard
request/response or advertisement sequence, and with sufficiently detailed
decoding you can usually surmise what is going on. Anyway, good luck!

Martin Visser