This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to trace an AD account lockout issue using Wireshark? How to trace the caller computer inside my network?

asked 20 Nov '13, 20:22

Anand Giri
How to trace an AD account lockout issue using Wireshark? How to trace the caller computer inside my network?

Well, that's not really easy with a network trace, as the account lockout could have a range of possible reasons and the offending system could use LDAP (plaintext) or LDAPS (encrypted via TLS) or Kerberos. As soon as encryption is part of the game (LDAPS or Kerberos), the effort to figure out the problem via a network capture tool rises fairly fast.

If I had to analyze that kind of problem, I would use built-in tools of Windows, like Security Eventlogs, or the 'new' Windows Message Analyzer, rather than a network capture tool.

Regards
Kurt

answered 21 Nov '13, 06:12

Kurt Knochner ♦

edited 21 Nov '13, 06:13
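
The Security event log approach mentioned in the answer above, as an added example that is not part of the original post: it reads event ID 4740 ("A user account was locked out") from the PDC emulator and reports which caller computer triggered each lockout. It assumes the ActiveDirectory PowerShell module is installed, that user account management auditing is enabled on the domain controllers, and that you may read the Security log remotely; the parameter names `UserName` and `HoursBack` are chosen for this example.

```powershell
# Added example: list AD account lockouts (event 4740) with the caller computer.
param(
    [string]$UserName,        # optional: restrict output to one locked-out account
    [int]$HoursBack = 24      # how far back to search the Security log
)

Import-Module ActiveDirectory

# Lockouts are processed by the PDC emulator, so its Security log is the place to look.
$pdc = (Get-ADDomain).PDCEmulator

$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$HoursBack)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no lockouts".
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    # Turn the named EventData fields into a lookup table.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated      = $e.TimeCreated
        LockedAccount    = $data['TargetUserName']
        # In event 4740 the "Caller Computer Name" is stored in TargetDomainName.
        CallerComputer   = $data['TargetDomainName']
        DomainController = $e.MachineName
    }
}

if ($UserName) {
    $lockouts = $lockouts | Where-Object { $_.LockedAccount -eq $UserName }
}

# Chronological detail, then a count per account/caller pair to spot the repeat offender.
$lockouts | Sort-Object TimeCreated | Format-Table -AutoSize
$lockouts | Group-Object LockedAccount, CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty `CallerComputer` value means the domain controller did not record the source host for that lockout.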

question asked: 20 Nov '13, 20:22

question was seen: 9,634 times

last updated: 21 Nov '13, 06:13