Security Gurus,
Can someone please explain to me how I can use Microsoft Network Monitor on a Domain Controller so that I can discover what applications and clients are using SSL 3.0?
I have enabled verbose schannel logging, and with that I know there are clients/apps talking SSL 3.0, however, the event 36880 doesn't give a source address - it just says an SSL handshake completed successfully using the SSL 3.0 protocol.
It's my hope that Network Monitor will reveal the source address of the clients/apps talking SSL 3.0. As you might know, capturing all packets on a DC generates an enormous amount of data; I'm hoping NM has some type of filter that I can use to only capture the SSL version packets.
Regards,
'T'