What happens on the network if you’re joining a Microsoft Active Directory domain? Which protocols are used? As I suspected, it’s a bit more complex than just seeing a single known protocol like HTTPS. ;)
Since a PCAP is worth a thousand words, I captured the process of a Windows PC joining an AD. Let’s have a look at it with Wireshark and NetworkMiner. And, as always, you’re welcome to download the packet capture to analyse it by yourself.
Continue reading Joining an Active Directory: A Packet Capture