Capture filter for LDAP bind by account name.

LDAP
Bind

asked 2020-09-02 17:06:19 +0000

Craven
1 ●1

I'm looking to limit the intake into the PCAP file by using a capture filter to target the ldap bind for a particular account. We're trying to track down all sources this account is used. Currently we're using a cap filter for tcp 389 & 636 and then using a display filter with "ldap.name contains..." Is there a better way to narrow this down with just a capture filter to target the port and account name?

edit retag flag offensive close merge delete

Comments

Have you looked at String-Matching Capture Filter Generator ?

Chuckc ( 2020-09-02 17:11:15 +0000 )edit

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

Capture filter for LDAP bind by account name.

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

Capture filter for LDAP bind by account name. edit

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

Capture filter for LDAP bind by account name.