How to trace an AD account lockout issue using Wireshark. How to trace the caller computer inside my network
asked 20 Nov '13, 20:22
Well, that's not really easy with a network trace, as the account lockout could have a range of possible reasons and the offending system could use LDAP (plaintext) or LDAPS (encrypted via TLS) or Kerberos. As soon as encryption is part of the game (LDAPS or Kerberos), the effort to figure out the problem via a network capture tool rises fairly fast.
If I had to analyze that kind of problem, I would use built-in tools of Windows, like Security Event Logs, or the 'new' Windows Message Analyzer, rather than a network capture tool.
answered 21 Nov '13, 06:12
Kurt Knochner ♦
edited 21 Nov '13, 06:13
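The Security event log route suggested in the answer above, sketched as an added example that is not part of the original answer. It assumes the lockout is recorded as event ID 4740 on a domain controller, where the `TargetDomainName` data field holds the caller computer name; the function name `Get-LockoutSource` and the sample events are constructed for illustration.

```powershell
# Added example. Assumption: event ID 4740 ("A user account was locked out")
# stores the locked account in TargetUserName and the caller computer in
# TargetDomainName. Get-LockoutSource is a hypothetical helper name.
function Get-LockoutSource {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        # Skip anything that is not a lockout event.
        if ($evt.System['EventID'].InnerText -ne '4740') { continue }
        # Index the <Data Name="..."> elements by name instead of position.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.InnerText }
        # The caller field can be empty; make that visible instead of dropping it.
        $caller = $data['TargetDomainName']
        if ([string]::IsNullOrWhiteSpace($caller)) { $caller = '(blank)' }
        [pscustomobject]@{
            Time           = $evt.System.TimeCreated.SystemTime
            Account        = $data['TargetUserName']
            CallerComputer = $caller
            ReportedBy     = $evt.System.Computer
        }
    }
}

# Constructed sample events, trimmed to the fields used above.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = '<Event xmlns="{0}"><System><EventID>{1}</EventID>' +
    '<TimeCreated SystemTime="{2}"/><Computer>dc01.example.test</Computer></System>' +
    '<EventData><Data Name="TargetUserName">{3}</Data>' +
    '<Data Name="TargetDomainName">{4}</Data></EventData></Event>'
$sample = @(
    ($template -f $ns, 4740, '2013-11-20T19:58:41Z', 'jdoe', 'WKS-042'),
    ($template -f $ns, 4740, '2013-11-20T20:03:12Z', 'jdoe', 'WKS-042'),
    ($template -f $ns, 4740, '2013-11-20T20:10:05Z', 'jdoe', ''),
    ($template -f $ns, 4624, '2013-11-20T20:11:00Z', 'asmith', 'WKS-007')
)

# Count lockouts per account and caller computer, most frequent first.
Get-LockoutSource -EventXml $sample |
    Group-Object Account, CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Against a live domain controller, feed real events instead of the sample:
#   $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#          ForEach-Object { $_.ToXml() }
#   Get-LockoutSource -EventXml $xml
```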