Unfortunately, Ethereal is really a decoder to help people who can't
decode hex in their head have a human-readable breakdown of packets. It
really can't teach you by itself how communications protocols work. That said,
you really need to work from the top down. I don't have the trace in front of me,
but I would hope that most of the packets you refer to have something other than
TCP or IP in the protocol field. As a guess, I imagine that AS-REQ and TGS-REP
will have "Kerberos" as the protocol (I did a search for TGS-REP on Google and
guess what popped up). What you then need to do is find a reference for Kerberos
(maybe the RFCs or other tutorials). Similarly, SAM Logon is to do with NT
Authentication (again from Google), presumably under the SMB or NetBIOS protocol.
Again, a reference on these protocols is useful.
  
Yes, there are lots of general protocol and communications books out there, but
unfortunately they always by necessity have a cutoff as far as detail on
specific protocols goes. Fortunately most protocols follow a fairly standard
request/response or advertisement sequence, and with sufficiently detailed
decoding you can usually surmise what is going on. Anyway, good luck!
  
Martin Visser
Network Consultant
Technology & Infrastructure - Consulting & Integration
COMPAQ, part of the new HP
3 Richardson Place, North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com
  
  
  Hi all,

  I'm quite a novice in using & interpreting Ethereal captures. My main
  trouble is I need some kind of ref. to figure out what the contents of the
  "info" field mean. I could tell a few, but not most, i.e. what do "SAM LOGON
  request from client" or "AS-REQ" or "TGS-REP" mean? How can I interpret
  what's going on in a capture? You get the idea.

  Anyhow, any help or ref. to any useful resource is much appreciated.

  Thank you all,
  another novice