IBM Support

Using wireshark to trace network packets on Windows

Question & Answer


Question

This technote shows how to use Wireshark (formerly known as Ethereal) on Windows to trace the network packets sent to and received from the LDAP server. Support will sometimes request such a trace to troubleshoot Directory Server issues.

Answer

This technote requires Wireshark (formerly known as Ethereal) to be installed on your Windows computer. Search for "Wireshark" with your favorite search engine to find out where to download it from and how to install it.

Once Wireshark is installed and the GUI is running, click the "Capture" menu and select the "Interfaces" submenu. In the "Interfaces" dialog, click the "Options" button for the interface the traffic will arrive on. In the resulting dialog, deselect "Capture packets in promiscuous mode" if it is selected (we only care about traffic to and from this host):



In the field next to the "Capture Filter" button, enter a filter if desired, e.g. "port 389":



Then start capturing by clicking the "Start" button in the same dialog.

You can also specify a capture file in the "Capture File(s)" field of the same dialog if you want the capture written to disk immediately.

This will begin tracing network packets with a source or destination port of 389, and only those sent to or from the local host.

Run the operation that needs to be traced. When it has completed, you should see captured packets in Wireshark like this:



This particular capture was performed with Wireshark 1.6.7 on Windows 2003 Server, tracing a rootDSE search run from the native host against a Windows guest virtual machine. Some menu options may differ in other versions of Wireshark.

To stop the network trace, either press Ctrl-E or select "Stop" from the "Capture" menu.

Finally, use the "File" --> "Export" --> "File" menu to save the output to a file. Compress this file and send it to Support along with any other requested data.
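Before sending the file, it is worth confirming that it actually contains the LDAP traffic you meant to capture. The following Python is an added example written for this page (not part of IBM's technote or of Wireshark): it reads a capture saved in the classic libpcap format and classifies each frame the way the settings above do, with the "port 389" filter deciding what is kept and "not_local" marking traffic between other hosts that a capture with promiscuous mode turned off would never have seen. It assumes an Ethernet link layer and the classic pcap (not pcapng) file format; the addresses and frames it checks are constructed sample data.

```python
import struct
from collections import Counter
LDAP_PORT = 389  # the "port 389" capture filter from the procedure above

def build_frame(src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame with no payload (sample data only)."""
    ip4 = lambda s: bytes(int(p) for p in s.split("."))
    eth = b"\x00" * 12 + b"\x08\x00"                      # zero MACs + EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ip4(src_ip), ip4(dst_ip))
    return eth + ip + tcp

def build_pcap(frames):
    """Minimal little-endian libpcap file: 24-byte global header + one record per frame."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(f), len(f)) + f)  # ts_sec, ts_usec, caplen, len
    return b"".join(out)

def summarize_ldap(pcap_bytes, local_ip):
    """Classify records as the capture above would: 'port 389' separates kept from other,
    and 'not_local' marks frames a non-promiscuous capture on local_ip never sees."""
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl = struct.unpack_from("<IIII", pcap_bytes, off)[2]
        frame = pcap_bytes[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            counts["other"] += 1          # not IPv4/TCP at all
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        if LDAP_PORT not in (sport, dport):
            counts["other"] += 1
        elif local_ip not in (src, dst):
            counts["not_local"] += 1
        else:
            counts["to_server" if dport == LDAP_PORT else "from_server"] += 1
    return dict(counts)

# Constructed sample: client 192.0.2.10 (local host), LDAP server 192.0.2.20, bystander 192.0.2.30
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "192.0.2.20", 50000, 389),   # rootDSE search request
    build_frame("192.0.2.20", "192.0.2.10", 389, 50000),   # its response
    build_frame("192.0.2.30", "192.0.2.20", 50001, 389),   # only visible in promiscuous mode
    build_frame("192.0.2.10", "192.0.2.20", 50002, 636),   # LDAPS, not matched by "port 389"
])
```

Running `summarize_ldap(open("trace.pcap", "rb").read(), "<your host IP>")` on a real export should show only `to_server` and `from_server` entries; a non-empty `not_local` count means promiscuous mode was left on.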


Document Information

Modified date:
16 June 2018

UID

swg21283072