How to use Wireshark to monitor LDAP connection

To troubleshoot issues related to the LDAP connection, we will use Wireshark to capture the traffic.
Use the capture filter "tcp port 389", as we only care about the LDAP traffic on port 389.
Press the "Enter" key to start the capture.
Alternatively, you can add the filter to the saved templates with Capture | Capture Filters...
Click the + button to add a new one
(double click the fields to change their values)
You can see the current options under Capture | Options...
If everything is set correctly, click the "Start" button to start the capture.
Now you can log in to the Dualshield Management Console with an AD user. You should see some live LDAP traffic captured in Wireshark.
Once the login is finished, stop the capture in Wireshark, either by clicking the stop button on the toolbar or by selecting the stop item from the menu.
Finally, you can save the capture into a file. Now you can take your time to calculate how long each LDAP request/response took.
In this example, the request started at 48.317031 and the Dualshield server got the response back at 48.440965, so the delta time between them is 0.124 second.
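To avoid reading the deltas off by hand, the script below (an added example, not part of the original article or of Dualshield) pairs each LDAP request with its final response by TCP stream and messageID and reports the elapsed time. The four-column text input and the name `ldap_latencies` are assumptions; the sample rows are constructed, with the first pair using the timestamps from the example above.

```python
# Added example: pair LDAP requests with their final responses and compute latency.
# Assumed input, one message per line: <relative time in s> <TCP stream> <messageID> <op>
# Operation names follow the protocolOp choices in RFC 4511.
from decimal import Decimal

# Final response that completes each request type (RFC 4511).
FINAL_RESPONSE = {
    "bindRequest": "bindResponse", "searchRequest": "searchResDone",
    "modifyRequest": "modifyResponse", "addRequest": "addResponse",
    "delRequest": "delResponse", "compareRequest": "compareResponse",
    "extendedReq": "extendedResp",
}

# Constructed sample; the first pair uses the timestamps from the article.
SAMPLE = """\
48.317031 0 1 bindRequest
48.440965 0 1 bindResponse
48.441502 0 2 searchRequest
48.452310 0 2 searchResEntry
48.452977 0 2 searchResDone
48.460100 0 3 searchRequest
"""

def ldap_latencies(text):
    """Return (latencies, unanswered). latencies holds tuples of
    (stream, message_id, request_op, seconds); unanswered holds open requests."""
    pending = {}    # (stream, message_id) -> (request time, request op)
    latencies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, stream, msg_id, op = line.split()
        key = (int(stream), int(msg_id))
        if op in FINAL_RESPONSE:
            pending[key] = (Decimal(ts), op)
        elif key in pending and op == FINAL_RESPONSE[pending[key][1]]:
            start, req_op = pending.pop(key)
            latencies.append((*key, req_op, Decimal(ts) - start))
        # searchResEntry / searchResRef are intermediate results: keep waiting
    unanswered = [(*key, op) for key, (_, op) in pending.items()]
    return latencies, unanswered

if __name__ == "__main__":
    done, missing = ldap_latencies(SAMPLE)
    for stream, msg_id, op, secs in done:
        print(f"stream {stream} msg {msg_id} {op}: {secs:.3f} s")
    print("no response captured for:", missing)
```

Requests left in the unanswered list had no final response before the capture stopped, which is worth checking when a login appears to hang.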