GCIA - coverage of SMB/CIFS and DCE/RPC
docrice
Member Posts: 1,706 ■■■■■■■■■■
I probably won't be able to afford the GCIA course until next year, but I noticed on the course description that they cover SMB/CIFS and DCE/RPC. I deal with Windows environments a lot and have always been curious about these protocols. I've tried Googling for more information but the results I got I've found somewhat confusing (perhaps the protocols are just more complex than I anticipated).
How well / in-depth are these covered in the GCIA? Does the course prepare you to fully decipher what's going on when you see client traffic communicating with a domain controller during boot, for example?
How well / in-depth are these covered in the GCIA? Does the course prepare you to fully decipher what's going on when you see client traffic communicating with a domain controller during boot, for example?
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
-
L0gicB0mb508
Member Posts: 538
They are covered in a fair amount of detail. I can't say as you will be able to decode everything going on with them though. The protocols tend to be extremely complicated (which is probably why you are getting a lot of confusing info). It should give you a basic idea what you are looking at when you see Kerberos authentication and a client accessing a Win share. You will also get a decent overview of RPC and DCOM information.I bring nothing useful to the table... -
Paul Boz
Member Posts: 2,620 ■■■■■■■■□□
The wireshark wiki has excellent packet captures of the SMB/CIFS and RPC services. One of them is an SMB torture test that will show you many anomalies with the protocol. I found it very helpful.
SampleCaptures - The Wireshark WikiCCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/