Using Network Monitor to check for LDAP traffic before demoting a Domain Controller.

Here is a simple capture filter I used to find which machines were still using the LDAP service on a Domain Controller I was demoting. Before running it I needed to remove a couple of DNS references to the server so that clients wouldn't be directed to it any more.

This still includes a lot of traffic we don't really want, so let's ignore all traffic to and from the other domain controllers.

Add that exclusion to the end of the first filter with an AND (AND OUTPUT GOES HERE), so it will look like this:

But wait, what is ::1 doing in there? If you have IPv6 enabled the resolver will return that address too, so don't worry about it. Now let's see who still talks to the server, migrate those clients, and make sure they don't have any static entries pointing at this Domain Controller.

Update 30/1: added a requirement on the SYN flag so that only the initial packet of each connection is captured.
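The same filter logic (LDAP port, SYN-only so each connection counts once, other domain controllers and the ::1 loopback artefact dropped, then a list of who is left) as an added stand-alone example, not the post's Network Monitor filter. It assumes a constructed flattened export with one packet per line, `src dst dport flags`; the addresses are made up.

```python
"""Which hosts still open LDAP connections to a DC about to be demoted?"""
from collections import Counter
import ipaddress

LDAP_PORTS = {389, 636}  # plain LDAP and LDAPS (LDAPS is an assumption)


def parse_record(line):
    # Assumed export format: "<src_ip> <dst_ip> <dst_port> <flag,flag,...>"
    src, dst, port, flags = line.split()
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "dport": int(port), "flags": set(flags.split(","))}


def is_initial_ldap(pkt, dc_addrs):
    # Only the first packet of a handshake (SYN set, ACK clear), sent to one
    # of the DC's own addresses on an LDAP port: one hit per connection.
    return (pkt["dport"] in LDAP_PORTS and "SYN" in pkt["flags"]
            and "ACK" not in pkt["flags"] and pkt["dst"] in dc_addrs)


def ldap_clients(lines, dc_addrs, other_dcs):
    """Return {client_ip: connection_attempts}, skipping DCs and loopback."""
    hits = Counter()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        pkt = parse_record(line)
        if not is_initial_ldap(pkt, dc_addrs):
            continue
        src = pkt["src"]
        # Other DCs talk to this one legitimately; ::1 is the DC's own
        # resolver answer for itself, neither is a client to migrate.
        if src in other_dcs or src in dc_addrs or src.is_loopback:
            continue
        hits[str(src)] += 1
    return dict(hits)


# Constructed sample export, not a real capture.
SAMPLE = """\
# src dst dport flags
10.0.0.50 10.0.0.10 389 SYN
10.0.0.10 10.0.0.50 51000 SYN,ACK
10.0.0.11 10.0.0.10 389 SYN
10.0.0.50 10.0.0.10 389 ACK
10.0.0.77 10.0.0.10 636 SYN
::1 ::1 389 SYN
10.0.0.77 10.0.0.10 389 SYN
10.0.0.60 10.0.0.10 445 SYN
"""
DC = {ipaddress.ip_address("10.0.0.10"), ipaddress.ip_address("::1")}
OTHER_DCS = {ipaddress.ip_address("10.0.0.11")}

if __name__ == "__main__":
    for ip, n in sorted(ldap_clients(SAMPLE.splitlines(), DC, OTHER_DCS).items()):
        print(f"{ip}: {n} LDAP connection attempt(s)")
```

Hosts that appear in the result are the ones to check for static entries pointing at the old DC before it is demoted.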

Comments

  1. Onye says:

    What programming language is the Network Monitor in?

Trackbacks

  1. […] And now just wait a couple of days and then use Network Monitor to listen for LDAP traffic. […]
