Hello,

I've recently realized that I did not announce here the presentation I gave back in September about Active Directory network protocols and traffic and thought it might interest people on this list:

http://www.hsc.fr/presentations/ad_proto_traffic/

The goal of the presentation was to explain, looking at the network traffic typically found in Active Directory domains, how Active Directory relies on network protocols such as LDAP, Kerberos V, SMB/CIFS, DNS and NTP.

Slides 27 to 35 deal with Kerberos, as used in Active Directory domains. Slide 35 is a screenshot of the Kerberos ticket decryption feature of ethereal (http://www.ethereal.com), that was added by Ronnie Sahlberg nearly one year ago (currently only available on Unix systems with Heimdal). Provided you have a keytab file with the appropriate keys, you can decrypt tickets, including the Microsoft PAC included in both TGT and service tickets. This feature is very useful for debugging and teaching how Kerberos works :-)

I recently discovered another interesting tool, ticketviewer, that can be used to look at the LSA Kerberos tickets cache, to display *all* delivered tickets by a Windows KDC:

http://www.toolcrypt.org/tools/ticketviewer

This tool must be launched from a LOCALSYSTEM shell; you can for instance run the following command as administrator to start ticketviewer as LOCALSYSTEM and see all delivered tickets:

C:\>psexec -s -i ticketviewer.exe

where psexec is one of the tools found in the PsTools suite, freely available on the Sysinternals website:

http://www.sysinternals.com/ntw2k/freeware/pstools.shtml

I'll be glad to hear comments or suggestions you may have about the presentation.

Jean-Baptiste Marchand
--
[EMAIL PROTECTED]
HSC - http://www.hsc.fr/

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
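Added example, not part of the original post nor of ethereal or ticketviewer: a small Python parser for MIT-format keytab files (version 0x0502), useful for checking which principals, key versions and encryption types a keytab actually holds before handing it to the ethereal ticket decryption feature mentioned above. The keytab bytes, realm and principal names below are constructed for the example.

```python
import struct
from typing import Dict, List

# Encryption types commonly seen in Active Directory keytabs (RFC 3961 / RFC 4757 numbers)
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}


def parse_keytab(data: bytes) -> List[Dict]:
    """Parse an MIT-format keytab (version 0x0502) and return one dict per live entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab version 0x0502 is supported")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack(">i", data[pos:pos + 4])
        pos += 4
        if size < 0:                 # a negative size marks a deleted entry (a hole)
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack(">H", entry[:2])
        off, parts = 2, []
        for _ in range(ncomp + 1):   # realm first, then each principal component
            (n,) = struct.unpack(">H", entry[off:off + 2])
            parts.append(entry[off + 2:off + 2 + n].decode())
            off += 2 + n
        off += 4                     # 32-bit name type, not needed here
        ts, vno8, enctype, klen = struct.unpack(">IBHH", entry[off:off + 9])
        off += 9 + klen              # skip the key bytes; only their length is reported
        # an optional trailing 32-bit kvno overrides the 8-bit one when present
        kvno = struct.unpack(">I", entry[off:off + 4])[0] if len(entry) - off >= 4 else vno8
        entries.append({"principal": "/".join(parts[1:]) + "@" + parts[0], "kvno": kvno,
                        "timestamp": ts, "enctype": ENCTYPES.get(enctype, str(enctype)),
                        "key_len": klen})
    return entries


def build_entry(realm: str, comps: List[str], kvno: int, enctype: int, key: bytes) -> bytes:
    """Serialise one keytab entry; used here only to construct the sample keytab below."""
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIBHH", 1, 1136073600, kvno & 0xFF, enctype, len(key)) + key
    body += struct.pack(">I", kvno)  # trailing 32-bit kvno
    return struct.pack(">i", len(body)) + body


# Constructed sample keytab (not a real file): a DC host key (AES-256) and a service key (RC4)
SAMPLE_KEYTAB = (b"\x05\x02"
                 + build_entry("EXAMPLE.LOCAL", ["host", "dc01.example.local"], 3, 18, b"\x11" * 32)
                 + build_entry("EXAMPLE.LOCAL", ["HTTP", "web01.example.local"], 7, 23, b"\x22" * 16))
```

Running `parse_keytab` over a real keytab (`open(path, "rb").read()`) lists every key without printing key material, which is handy when checking that a capture can actually be decrypted for the expected service principals and key versions.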
