How to decrypt SMB version 3 encrypted traffic?


Problem description



Hi,

Is there an option to decrypt traffic of SMB 3?

Please advise.
Thanks.

Solution

Hi Itay-av17,

I see that you edited your original post and changed your original question. The response immediately below is based on your original text, followed by an answer for your edited question:

The purpose of this forum is to support the Open Specifications documentation. You can read about the Microsoft Open Specifications program at https://msdn.microsoft.com/en-us/openspecifications/default

The library of Open Specification documents is located at https://msdn.microsoft.com/library/dd208104.aspx.

Primarily we work with third-party implementers of the on-the-wire protocols (i.e., non-Microsoft endpoints).

While you cite the file sharing protocols, your question is closer to a platform support question and would be best addressed by one of the Technet forums, like the Server Platform Networking forum at https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverPN&filter=alltypes&sort=lastpostdesc.

In general: The SMB 2 and SMB 3 protocols are discussed in the same document, [MS-SMB2] "Server Message Block (SMB) Protocol Versions 2 and 3", which is available as a PDF download at https://technet.microsoft.com/en-us/evalcenter/cc246482.aspx?f=255&MSPPError=-2147217396. Both the client and server negotiate a protocol "dialect" via a [MS-SMB2] 2.2.3 SMB2_NEGOTIATE Request and a [MS-SMB2] 2.2.4 SMB2_NEGOTIATE Response. The "dialects" are more granular than just SMB 2 or 3, and even many features within a specific dialect are optional. See [MS-SMB2] 1.7 Versioning and Capability Negotiation. To determine what dialect is actually negotiated, you should be using tools such as Message Analyzer, Network Monitor or Wireshark to see the on-the-wire network traffic.

How to engineer a specific negotiation between two Windows machines would be a great topic for a post to the Technet forum. If you have a specific question about on-the-wire SMB2/3 observations using [MS-SMB2], we might be able to help via this forum (as a new post) or by mail to "dochelp (at) Microsoft (dot) com".

As for your updated post, "[Is t]here is an option to decrypt traffic of SMB 3 ?", it is possible.  Please see the presentation "Decrypting SMB3 Protocol" at https://channel9.msdn.com/Events/Open-Specifications-Plugfests/Redmond-Interoperability-Protocols-Plugfest-2015/Decrypting-SMB3-Protocol
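
As an added example (not part of the original forum answer), the following Python code reads the DialectRevision from an SMB2 NEGOTIATE Response, the field the answer says to check on the wire, and flags messages wrapped in the SMB3 encryption transform header. The function names and the sample bytes are constructed for illustration; field offsets follow [MS-SMB2] 2.2.1 and 2.2.4.

```python
import struct

# Dialect revision codes listed in [MS-SMB2] 2.2.4
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1", 0x02FF: "SMB 2 wildcard"}
SMB2_NEGOTIATE = 0x0000
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SMB2_GLOBAL_CAP_ENCRYPTION = 0x00000040  # meaningful for dialects 3.0 and 3.0.2


def classify(msg: bytes) -> dict:
    """Classify one SMB2/3 message (4-byte transport length prefix already removed)."""
    if msg[:4] == b"\xfdSMB":  # SMB2 TRANSFORM_HEADER: payload is encrypted
        return {"kind": "encrypted"}
    if len(msg) < 64 or msg[:4] != b"\xfeSMB":
        return {"kind": "not-smb2"}
    status, command = struct.unpack_from("<IH", msg, 8)   # Status, Command
    (flags,) = struct.unpack_from("<I", msg, 16)          # Flags
    if command != SMB2_NEGOTIATE or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        return {"kind": "other-smb2"}
    if status != 0 or len(msg) < 128:  # failed or truncated response
        return {"kind": "negotiate-response-unusable"}
    # Response body starts after the 64-byte header; DialectRevision is at body offset 4
    _size, _sec_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    (caps,) = struct.unpack_from("<I", msg, 64 + 24)      # Capabilities
    return {"kind": "negotiate-response",
            "dialect": DIALECTS.get(dialect, hex(dialect)),
            "encryption_cap": bool(caps & SMB2_GLOBAL_CAP_ENCRYPTION)}


def sample_negotiate_response(dialect: int, caps: int) -> bytes:
    """Constructed sample bytes, not a real capture."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, SMB2_NEGOTIATE,
                         1, SMB2_FLAGS_SERVER_TO_REDIR, 0, 0, 0, 0, 0, bytes(16))
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, dialect, 0, bytes(16), caps,
                       65536, 65536, 65536, 0, 0, 128, 0, 0)
    return header + body


if __name__ == "__main__":
    print(classify(sample_negotiate_response(0x0300, SMB2_GLOBAL_CAP_ENCRYPTION)))
    print(classify(sample_negotiate_response(0x0210, 0)))
    print(classify(b"\xfdSMB" + bytes(48)))
```

For dialect 3.1.1 the cipher is negotiated in the negotiate context list rather than through the capability flag, so `encryption_cap` alone does not settle whether a 3.1.1 session can be encrypted.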

