hi,
I just download 1.1-svn 18079 for fc4 and windows. I found one of my color filter is no longer valid. it is "mscldap.netlogon.type".
And I also found the CLDAP packets between windows client and DC are not pasered as before. Here I attacded a sample trace the display result.
No. Time Source Destination Protocol Info
2 15:27:00.527361 157.60.73.105 157.60.72.125 CLDAP searchResEntry(1) searchResDone(1) [1 result]
Frame 2 (218 bytes on wire, 218 bytes captured)
Ethernet II, Src: Microsof_e0:af:8c (00:03:ff:e0:af:8c), Dst: Microsof_d9:af:8c (00:03:ff:d9:af:8c)
Internet Protocol, Src: 157.60.73.105
(157.60.73.105), Dst: 157.60.72.125 (157.60.72.125)
User Datagram Protocol, Src Port: 389 (389), Dst Port: 1029 (1029)
Lightweight-Directory-Access-Protocol
LDAPMessage searchResEntry(1) [1 result]
messageID: 1
protocolOp: searchResEntry (4)
searchResEntry
attributes: 1 item
Item
type: netlogon
vals: 1 item
Item: 18000000FC01000002A0BED71554BC4487E47F1B9E6E17DC...
Response To: 1
Time: 0.005610000 seconds
LDAPMessage searchResDone(1) [1 result]
messageID: 1
protocolOp: searchResDone (5)
searchResDone
Response To: 1 Time:
0.005610000 seconds
---
the netlogon atribute is parsered very well before. now ethereal only display a long binary string. is it a design change or a bug? If it is intended to be so, can I know why? I really need this work to help my trouble shoot dc locating issue in windows domain.
Attachment:
udp ping2.cap
Description: Binary data