Identify Domain Controller specifically included in network request
Know I can't be the first to ask a question like this... Is there a way to filter a Wireshark capture to include only requests from the network which are specifically to a named Domain Controller, and not to the domain namespace in general? Attempting to decommission a physical Domain Controller, and over the years applications have been hardcoded for LDAP authentication. Without breaking these applications, we want to proactively edit configurations to query the domain namespace instead of the FQDN of the Domain Controller. Any thoughts?
I tried to understand what you are looking for but the question was not clear to me.
Current LDAP configuration: ldap://dc1.Contoso.org:389, should be configured as ldap://contoso.org:389. Dc1 needs to be retired. While running a Wireshark capture on Dc1, is there a way to determine queries to ldap://dc1.contoso.org:389 by filtering? Dc1 also responds to namespace ldap://contoso.org:389 requests. Thank you!
Can't you capture on dc1 and look at the hosts making connection requests?
Absolutely I can, and have. The issue is trying to filter out requests to the namespace and include only those requests to the domain controller specifically. As long as it is a DC, it will always respond to namespace requests AND requests specifically addressed to it.
Thank you @grahamb. It was a good thought but I had already identified dozens of applications hitting that one box.