
How to use Wireshark to monitor an LDAP connection
Download Wireshark (64-bit version) from {+}
Install it on the DualShield server (follow its user guide).
Run it as Administrator.

Use the capture filter "tcp port 389", as we only care about the LDAP traffic on port 389.

Press the "Enter" key to start the capture.
Alternatively, you can save the filter as a template with Capture | Capture Filters...

Click the + button to add a new one.

(Double-click the fields to change their values.)
You can see the current options under Capture | Options...
If everything is set correctly, click the "Start" button to start the capture.
Now log in to the DualShield Management Console with an AD user. You should see some LDAP traffic captured in Wireshark.

Once the login is finished, stop the capture in Wireshark (either click the stop button on the toolbar or use the menu item).

Save the capture to a file. Now you can take your time to calculate how long each LDAP request/response took.

In this example, the request started at 48.317031 and the DualShield server got the response back at 48.440965; the delta time between them is 0.124 seconds.
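To compute the same delta for every LDAP operation in a saved capture rather than reading it off one packet pair, the following added example (not part of the original page or the DualShield product) pairs each request with its final response by TCP stream and LDAP message ID. It assumes the capture was exported as tab-separated rows, for instance with `tshark -r capture.pcapng -Y ldap -T fields -e frame.time_relative -e tcp.stream -e ldap.messageID -e ldap.protocolOp` (the file name is hypothetical), and that LDAP on port 389 is unencrypted so Wireshark can decode it. The sample rows are constructed; only the first request/response pair uses the timestamps from the example above.

```python
# RFC 4511 protocolOp tags: request tag -> tag of the response that completes it.
FINAL_RESPONSE = {0: 1, 3: 5, 6: 7, 8: 9, 10: 11, 12: 13, 14: 15, 23: 24}
OP_NAME = {0: "bind", 3: "search", 6: "modify", 8: "add", 10: "delete",
           12: "modifyDN", 14: "compare", 23: "extended"}

def ldap_latencies(lines):
    """Pair LDAP requests with their final responses.

    Each line: time_relative <TAB> tcp.stream <TAB> messageID(s) <TAB> protocolOp(s).
    A frame carrying several LDAP messages lists them comma-separated.
    Returns (results, unanswered); results holds tuples of
    (stream, message_id, operation, request_time, latency_seconds).
    """
    pending = {}   # (stream, messageID) -> (request tag, request time)
    results = []
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) != 4 or not fields[2]:
            continue  # frame without a decoded LDAP message (e.g. bare TCP ACK)
        t, stream = float(fields[0]), int(fields[1])
        for mid, op in zip(fields[2].split(","), fields[3].split(",")):
            key, op = (stream, int(mid)), int(op)
            if op in FINAL_RESPONSE:
                pending[key] = (op, t)           # request seen, wait for its reply
            elif key in pending and FINAL_RESPONSE[pending[key][0]] == op:
                req_op, t0 = pending.pop(key)    # final response: close the pair
                results.append((stream, key[1], OP_NAME[req_op], t0, round(t - t0, 6)))
    return results, sorted(pending)

# Constructed sample rows: a bind, a search whose entry and "done" share one
# frame, a non-LDAP frame, and a search that never gets an answer.
SAMPLE = (
    "48.317031\t0\t1\t0\n"
    "48.317500\t0\t\t\n"
    "48.440965\t0\t1\t1\n"
    "48.441800\t0\t2\t3\n"
    "48.452100\t0\t2,2\t4,5\n"
    "48.460000\t0\t3\t3\n"
)

if __name__ == "__main__":
    done, unanswered = ldap_latencies(SAMPLE.splitlines())
    for stream, mid, op, t0, dt in done:
        print(f"stream {stream} msg {mid} {op:8s} sent at {t0:.6f}  took {dt:.3f} s")
    for stream, mid in unanswered:
        print(f"stream {stream} msg {mid} has no response in the capture")
```

Requests listed as unanswered point at a timeout or a capture stopped too early. A capture of cleartext LDAP on port 389 can contain simple-bind passwords, so store the saved file accordingly.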