Task #5685

open

tracking: active directory protocols support

Added by Victor Julien over 3 years ago. Updated 7 days ago.

Status: Assigned
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label: Protocol

Description

A suite of protocols:
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adod/5ff67bf4-c145-48cb-89cd-4f5482d94664

"The Active Directory protocols are specified in [LDAP], [MS-ADTS], [MS-SRPL], [MS-DRSR], [MS-SNTP], [MS-LSAD], [MS-LSAT], [MS-DSSP], [MS-SAMR], [MS-SAMS], [MS-WSDS], [WFXR], [WSENUM], [MS-WSTIM], [MS-ADDM], [MS-WSPELD], and [MS-ADCAP]."


Files

2026-02-28-traffic-analysis-exercise.pcap (6.28 MB): pcap with LDAP, DCERPC, KRB, SMB2, SAMR. Juliana Fajardini Reichow, 03/19/2026 02:26 PM

Related issues 3 (2 open, 1 closed)

  • Related to Suricata - Task #5488: Suricon 2022 brainstorm (Assigned, Victor Julien)
  • Related to Suricata - Feature #1199: protocol: LDAP support (Closed, Giuseppe Longo)
  • Related to Suricata - Feature #8403: smb: add samr_UserInfo details to EVE logs (New)

#1

Updated by Victor Julien over 3 years ago

  • Related to Task #5488: Suricon 2022 brainstorm added

#2

Updated by Victor Julien over 3 years ago

#3

Updated by Victor Julien 5 months ago

  • Status changed from New to Assigned

#4

Updated by Juliana Fajardini Reichow 7 days ago

Adding a pcap from malware traffic analysis that has a good example for SAMR protocol.

#5

Updated by Victor Julien about 9 hours ago

  • Related to Feature #8403: smb: add samr_UserInfo details to EVE logs added