Identify Domain Controller specifically included in network request

asked 2020-12-15 16:25:52 +0000

Know I can't be the first to ask a question like this... Is there a way to filter a Wireshark capture to include only requests from the network which are specifically to a named Domain Controller, and not to the domain namespace in general? Attempting to decommission a Physical Domain Controller and over the years, applications have been hardcoded for LDAP authentication. Without breaking these applications, we want to proactively edit configurations to query the Domain namespace instead of the FQDN of the Domain Controller. Any thoughts?



I tried to understand what you are looking for but the question was not clear to me.

hugo.vanderkooij ( 2020-12-16 08:59:49 +0000 )

Current LDAP configuration: ldap://, should be configured ldap:// Dc1 needs to be retired. While running a Wireshark capture on Dc1, is there a way to determine queried to ldap:// by filtering? Dc1 also responds to namespace ldap:// requests. Thank you!

Bimpster ( 2020-12-16 12:21:02 +0000 )

Can't you capture on dc1 and look at the hosts making connection requests?

grahamb ( 2020-12-16 20:48:30 +0000 )

Absolutely I can, and have. The issue is trying to filter out requests to the namespace and include only those requests to the domain controller specifically. As long as it is a DC, it will always respond to namespace requests AND requests specifically addressed to it.

Bimpster ( 2020-12-16 21:50:16 +0000 )