
Task #5685: tracking: active directory protocols support

Added by Victor Julien over 3 years ago. Updated 17 days ago.

Status: Assigned
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label: Protocol

Description

A suite of protocols:
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adod/5ff67bf4-c145-48cb-89cd-4f5482d94664

"The Active Directory protocols are specified in [LDAP], [MS-ADTS], [MS-SRPL], [MS-DRSR], [MS-SNTP], [MS-LSAD], [MS-LSAT], [MS-DSSP], [MS-SAMR], [MS-SAMS], [MS-WSDS], [WFXR], [WSENUM], [MS-WSTIM], [MS-ADDM], [MS-WSPELD], and [MS-ADCAP]."


Files

2026-02-28-traffic-analysis-exercise.pcap (6.28 MB): pcap with LDAP, DCERPC, KRB, SMB2, SAMR. Juliana Fajardini Reichow, 03/19/2026 02:26 PM

Related issues 3 (2 open, 1 closed)

  • Related to Suricata - Task #5488: Suricon 2022 brainstorm (Assigned, Victor Julien)
  • Related to Suricata - Feature #1199: protocol: LDAP support (Closed, Giuseppe Longo)
  • Related to Suricata - Feature #8403: smb: add samr_UserInfo details to EVE logs (New)

#1 Updated by Victor Julien over 3 years ago

  • Related to Task #5488: Suricon 2022 brainstorm added

#2 Updated by Victor Julien over 3 years ago

#3 Updated by Victor Julien 6 months ago

  • Status changed from New to Assigned

#4 Updated by Juliana Fajardini Reichow 17 days ago

Adding a pcap from malware traffic analysis that has a good example for SAMR protocol.

#5 Updated by Victor Julien 10 days ago

  • Related to Feature #8403: smb: add samr_UserInfo details to EVE logs added