Capture filter for LDAP bind by account name.

asked 2020-09-02 17:06:19 +0000

Craven gravatar image

I'm looking to limit the intake into the PCAP file by using a capture filter to target the ldap bind for a particular account. We're trying to track down all sources this account is used. Currently we're using a cap filter for tcp 389 & 636 and then using a display filter with "ldap.name contains..." Is there a better way to narrow this down with just a capture filter to target the port and account name?

edit retag flag offensive close merge delete

Comments

Chuckc gravatar imageChuckc ( 2020-09-02 17:11:15 +0000 )edit