I have a Wireshark capture that I am analyzing, and I am trying to figure out what application seems to be operating between the various nodes.
The capture shows a lot of LDAP packets as well as a few KRB5 packets. In between all of this are SSLv3 packets labeled as Application Data.
The LDAP and KRB5 packets make me believe that the capture is that of four nodes using Microsoft Active Directory or similar. The question I have is whether programs such as Active Directory alone will account for the TCP/SSL Application Data packets, or do these packets indicate that there is other software running and the LDAP is merely a part of VMware or another network bridge?
Hopefully my explanation of the problem is not too confusing.
Thanks for any help in advance.