Ask Your Question

Revision history [back]

how to find account login source?

hello. just starting with wireshark. i have run the capture for 15 minutes and in that time period, the AD account i'm tracking got an invalid login attempt. in the amount of data captured, how does one find this invalid login attempt?

as a backgroud, i was using Netwrix Account Lockout Examiner and although it can point me to the source of the invalid login attempt IF a workstation name is present, there are times it would show that the offending workstation name is MSTSC which doesn't make sense.

so i got wireshark to find out where this MSTSC is coming from.

appreciate any help.