Need help with Kerberos filtering in MS Netmon

[Scott Ehrlich]

I have tried to capture and filter Kerberos packets using Microsoft's
Network monitor from Win2000 Advanced Server, Win2003 Advanced Server,
and SMS's Network Monitor. None provide any captured packets when I
stop the filtering and set the filtered protocol to equal Kerberos.

There IS Kerberos activity on our network using a production MIT KDC and
several Debian Linux clients. I have XP working fine with Kerb and
OpenAFS, but my Win2K "test" and "production" machines, "test" with SP3
and "production" with SP4 refuse to perform Kerb authentication, hense
the reason to capture patches for further analysis.

Netmon on all systems show Kerberos as a filterable protocol, but none
of the captured frames show anything.

Am I missing something?

Has anyone else been able to successfully capture Kerb packets with any
version of netmon?

No google (www.google.com nor groups.google.com) search comes up with
any hits.

Thanks for any insight.

Scott

 

[Brian Oakes [MSFT]]

I think the released versions don't parse Kerberos very well right now. We
have some internal versions that do a better job. For troubleshooting, I
would check out Ethereal to get you the information you need.

Yesterday I just installed a new test version of Netmon, and it looks great
so hopefully something should be coming out soon.

What errors are you getting from the MS Clients relating to the Kerb Auth?

--

Brian Oakes

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.