Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to confirm SAP SNC decryption is working

How does one confirm that SAP SNC traffic is correctly decrypted, once the steps are completed to create the keytab file and enable the AMD to use them?

I don't see any change in the monitoring data and I still see SNCFRAME in the packets when inspecting them via Wireshark (captured on AMD with keytab files present and config done as per docs).

Dynatrace Pro
Dynatrace Pro

Hello Andre,

Please, have a look at

If more detailed help is needed, please, report support ticket and you'll receive assistance from our support and development teams.

Best Regards,


Hi Jacek, thanks I'm aware of the documentation and followed the steps but it's not clear if it's working, so I've already opened a support ticket 🙂

Cheers, André

keep us posted on the progress please. Having a similar issue.

If you're using HS AMD (12.4.15 or later), you can use the 'rcon' command:

sncdecr status

to help figure out if your keytab files are being used/recognized. That command is not available in Classic AMD though.

And then probably you do not want to see this:

>$ sncdecr status
                Keys recognized=0
                Available keys:
                        NO KEYS AVAILABLE

Indeed, not what you want to see! 😉

This is more what you want:

Dynatrace RTM Console, ver. ndw. RHEL7_x86_64
Log file: /var/log/adlex/rcon.log
>$ sncdecr status
                Keys recognized=1

NO KEYS AVAILABLE tells me that the keys are either not present, or not loaded in memory. Did you follow the steps in the docs, how to create the keylist file etc.? That's assuming the keytab files you have, are correct and of a supported SNC library, of course. Something like SAP's GSS-API v2 over NTLM (SSPI) is not a supported library, since NTLM is not supported, only Kerberos.

We have a SAP SCM implementation that is monitored with SAP GUI and SAP GUI over HTTP decodes. Also for those we like to know if decryption is working.
I am not familiar to SAP. Perhaps the keys are not needed there?

I'm learning as I go along, I'm no SAP expert myself, not by a long shot!

What I can say is that from what I've seen, if you have SNC traffic on the wire, and you're using a 2017 or newer AMD, you will see SAP-SNC-Encrypted traffic if you look at the SAP GUI software service's Operations.

If you don't see that, chances are good SNC is not used; the SAP BASIS team should also be able to confirm if SNC is implemented or not.

If you do see SNC traffic in NAM (DCRUM), you'll need the keytab files to decrypt the SNC traffic on the AMD. But they have to use Kerberos, as NTLM is not supported.