[cifs-protocol] [REG:118100419158690] sharing network traces and password hashes

Edgar Olougouna edgaro at microsoft.com
Thu Oct 4 19:44:59 UTC 2018

Bonjour Aurélien,
What transport protocols are you focusing on? 
Is it only TCP, NBT, or it could be something else?
The first thing I'm doing is to understand what protocol encapsulation is involved in your scenario. 
To take an example of another family, for instance we have RDP over TLS over TCP or DTLS over UDP. And RDP uses CredSSP and there may be channel token binding. So it's not always a straightforward answer depending on the layers.


-----Original Message-----
From: Aurélien Aptel <aaptel at suse.com> 
Sent: Thursday, October 4, 2018 2:37 PM
To: Edgar Olougouna <edgaro at microsoft.com>; cifs-protocol at lists.samba.org
Cc: MSSolve Case Email <casemail at microsoft.com>
Subject: RE: [REG:118100419158690] sharing network traces and password hashes

Salut Edgar!

Edgar Olougouna <edgaro at microsoft.com> writes:
> Thanks for reaching out for this interesting question. What protocol family are you investigating? 

The SMB family. smb1, smb2, smb3... As far as I know they can all use the same family of auth mechanism: ntlm, ntlmv2, ntlmssp, gsapi...

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

More information about the cifs-protocol mailing list