Ask Your Question

Can Wireshark decode a LDAPs conversation?

asked 2018-04-13 03:10:53 +0000

tlemons gravatar image

I captured a 'regular' (no TLS) LDAP conversation and Wireshark decoded the LDAP conversation.

I captured a LDAPs conversation and, because I had the private key of the server, Wireshark was able to decode the TCP packets and show the data inside them.

But Wireshark was not able to decode / display the LDAP conversation inside the decrypted TCP packets. Should Wireshark have been able to do this, and I just didn't set it up correctly?

Thanks! tl

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-04-14 13:50:13 +0000

Uli gravatar image

updated 2018-04-14 13:50:50 +0000

Yes, it should be possible.

Have you tried using 'Analyze' -> 'Decode as...' -> 'Field': 'SSL Port', 'Value': 'your TCP port, e.g. 636', 'Currrent': 'LDAP'?

edit flag offensive delete link more


That worked great! I had fiddled with this, but had not used these values: Field - SSL Port Value - 636 Type - Integer, base 10 Default - data Current - LDAP

Thanks for the help!

tlemons gravatar imagetlemons ( 2018-04-16 18:31:29 +0000 )edit

Hi, I am unable to decrypt ldaps. I am using a load balancer and in this case LB is the client and it is sending a LDAP query to the server over a secure channel and I need to inspect the packets,so how do I decrypt in this case ? I ahve decrypted https traffic with a private key, in this case I am the client and need to know how to decrypt. Please help.

Abhijith gravatar imageAbhijith ( 2019-10-16 11:23:03 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-04-13 03:10:53 +0000

Seen: 12,570 times

Last updated: Apr 14 '18