-2

I have created a local environment as follows:

DC: Windows Server 2008
Client: Windows 7
Domain: januapp.local

Now, I read somewhere that the DC uses two types of protocol for authentication:

1. NTLM
2. Kerberos

Now, when I type the credentials of a user listed in the DC's 'users' OU from the client machine, I successfully log in to the domain, but how was I authenticated?

How does this environment use these protocols? I want to see it for real, but I didn't find a way to do so.

Thanks

2 Answers

0

Well, you can install windump/libpcap on a Windows client and see how it's communicating with the DC over the network, by sniffing the traffic and analyzing the packet capture that windump produces with Wireshark (or by simply analyzing the network traffic online with the latter).

I guess you will see that both protocols are used, but at different stages.

drookie
0

Windows logs security event 4768 for each Kerberos TGT request (event 4771 is logged for pre-auth failures). To view the traffic itself you would need Wireshark or Message Analyzer.

Jim B
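
The events named in the answer above can be pulled from the DC's Security log to see which protocol handled a logon, without a packet capture. This is an added example, not part of either answer; it assumes an elevated PowerShell 2.0 or later session on the DC with account logon auditing enabled, and it also reads event 4776 (NTLM credential validation), which the answers do not mention. The one-hour window is an arbitrary choice.

```powershell
# Added example (not from the answers). Run elevated on the domain controller.
# 4768 = Kerberos TGT request, 4771 = Kerberos pre-authentication failure (named above);
# 4776 = NTLM credential validation (added here so NTLM logons show up as well).
$protocolById = @{ 4768 = 'Kerberos'; 4771 = 'Kerberos'; 4776 = 'NTLM' }
$meaningById  = @{
    4768 = 'TGT requested'
    4771 = 'Pre-authentication failed'
    4776 = 'Credential validation'
}

$filter = @{
    LogName   = 'Security'
    Id        = 4768, 4771, 4776
    StartTime = (Get-Date).AddHours(-1)   # assumption: only the last hour matters
}

# Get-WinEvent writes an error when nothing matches; collect what there is and check below.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No matching events. Check auditing policy and that the session is elevated.'
    return
}

$report = foreach ($evt in $events) {
    # EventData is a list of <Data Name="...">value</Data> elements; index it by name.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # 4768/4771 record the client address in IpAddress; 4776 records a Workstation name.
    $source = if ($data.ContainsKey('IpAddress')) { $data['IpAddress'] } else { $data['Workstation'] }

    New-Object PSObject -Property @{
        Time     = $evt.TimeCreated
        EventId  = $evt.Id
        Protocol = $protocolById[$evt.Id]
        Meaning  = $meaningById[$evt.Id]
        User     = $data['TargetUserName']
        Source   = $source
        Status   = $data['Status']        # 0x0 means success; anything else is a failure code
    }
}

$report | Sort-Object Time |
    Select-Object Time, EventId, Protocol, Meaning, User, Source, Status |
    Format-Table -AutoSize
```

Logging in from the Windows 7 client and then running this on the DC shows one row per authentication exchange, with the Protocol column indicating whether Kerberos or NTLM was involved.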