Wireshark doesn't dissect LDAP

asked 2022-10-28 17:01:14 +0000

I can see the Bind requests, but the LDAP packets just show

SASL Buffer length: xxx SASL Buffer

Displaying the buffer shows the unencrypted contents and I can piece it together from the binary dump, but I have to do it for a lot of buffers, so I'm hoping the LDAP dissector could do it.



Is your traffic running on a non-standard LDAP port? Unencrypted LDAP traffic is dissected for me.

grahamb ( 2022-10-28 18:39:49 +0000 )

No, it uses the standard port 389. The only unusual thing is it's local link ::1 -> ::1. I'm trying to move the client to a different machine to see if that has any effect. Update - running on a different machine doesn't work since then Windows uses DCE/RPC, which is encrypted. So I can try dissecting that as well. There are various Google search results for how to do that using e.g. ktpass, but so far no luck with that either.

yoyodyne ( 2022-10-28 18:50:12 +0000 )