<< A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

–A–

–B–

binding requests – see LDAP, filter display binding requests

binding responses – see LDAP, filter display binding responses

–C–

certs

tls.handshake.type == 119

Use ldp.exe to connect to the DC with new cert over port 636. Look for “Server Hello” and the source is the DC and the destination is the IP of the ldp.exe app. Go to Transport Layer Security section and then look for “Handshake Protocol: Certificate” section.

command line

How To Capture from the Command Prompt with Wireshark

–D–

Display Filter Reference (for LDAP)

–E–

–F–

filter by IP address

ip.addr == 123.45.67.89

or

ip.src_host == 123.45.67.89

or

ip.dst_host == 123.45.67.89

filter to capture only LDAP traffic – see LDAP, filter to capture only packets pertaining to LDAP traffic

filter view to see only packets pertinant to LDAP Server Signing – see LDAP, filter to view only packets pertaining to LDAP Server Signing

filter by time

(frame.time >= "Oct 16, 2023 11:15:14") && (frame.time <= "Oct 16, 2023 11:15:15")

–G–

–H–

–I–

IP address, filter results by – see filter by IP address

–J–

–K–

–L–

LDAP, filter display

binding requests

ldap.protocolOp == 0

binding responses

ldap.protocolOp == 1

other binding:

ValueMeaning
0Bind request
1Bind response
2Unbind request
3Search request
4Search result entry
5Search result done
6Modify request
7Modify response
8Add request
9Add response
10Delete request
11Delete response
12Modify DN request
13Modify DN response
14Compare request
15Compare response
16Abandon request
17Extended request
18Extended response

Server Signing filter to view only packets pertaining to Server Signing

to display of packets already captured to find packets pertaining to LDAP Server Signing

ldap.requestName == 1.3.6.1.4.1.1466.20037 or ldap.responseName == 1.3.6.1.4.1.1466.20037

for port 387 or

ldap.requestName == 1.3.6.1.4.1.1466.20036 or ldap.responseName == 1.3.6.1.4.1.1466.20036

for port 686 (LDAPS)

LDAP, filter capture LDAP traffic

port 389 or port 636

–M–

–N–

–O–

–P–

–Q–

–R–

–S–

–T–

timestamp, display instead of seconds since begin recording session

In the View menu click Time Display Format and choose one of the Time of Day options.

time by, filter results by range – see filter by time

–U–

–W–

–X–

–Y–

–Z–