• 6
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

How do I see LDAP traffic in snoop on Solaris?

When I use snoop to record/view traffic on my Solaris 10 server it automatically shows/decodes LDAP traffic for me if I specify port 389

But I also need to snoop on port 3268 (which is also LDAP traffic - to AD's "Global Catalog") but when I view the output there is no sign of LDAP

      • 1
    • I am assuming that there is actual LDAP traffic in the pcap, but if anyone can suggest proof that it is only TCP session handling, that too would be useful.

For using snoop, I think we're at step -1: Convince Oracle they need to make their software handle this.

Looking at the snoop manpage online, I find this:

ldap

    True if the packet is an LDAP packet on port 389.

This suggests that the protocol decoding was written by someone who was thinking that LDAP is fundamentally connected with port 389.

I don't like that answer, so looking for another one:

Wireshark might be another option. It's available for Solaris and can understand capture files from snoop. Its documentation isn't clear on it being able to decode LDAP on an alternate port, so I searched to see if it could, and found this from https://osqa-ask.wireshark.org/questions/21358/failure-to-recognize-ldap-if-not-port-389:

Question:

... I am using port 50000. I am able to authenticate successfully and capture the traffic. However, wireshark interprets as TCP not LDAP and in the info field it does not say bind request, etc. Is this due to the port that I am using?

Answer:

You can either change the default port for LDAP in the preferences (click on protocols and then search for LDAP).

Or you can rightclick on a packet and use "Decode As..."

  • 0
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags