This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Active Directory User Account Capture

0

How to trace an AD account lockout issue using Wireshark. How to trace the caller computer inside my network?

asked 20 Nov '13, 20:22

Anand Giri
accept rate: 0%


One Answer:

0

How to trace an AD account lockout issue using Wireshark. How to trace the caller computer inside my network?

Well, that's not really easy with a network trace, as the account lockout could have a range of possible reasons and the offending system could use LDAP (plaintext) or LDAPS (encrypted via TLS) or Kerberos. As soon as encryption is part of the game (LDAPS or Kerberos), the effort to figure out the problem via a network capture tool rises fairly fast.

If I had to analyze that kind of problem, I would use built-in tools of Windows, like Security event logs, or the 'new' Windows Message Analyzer, rather than a network capture tool.

Regards
Kurt

answered 21 Nov '13, 06:12

Kurt Knochner ♦
accept rate: 15%

edited 21 Nov '13, 06:13
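
The Security event log approach suggested in the answer above, as an added example that is not part of the original posts: a PowerShell function that reads lockout-related events and reports which machine each one came from. It assumes events 4740 (account locked out) and 4771 (Kerberos pre-authentication failed) are being audited on the domain controllers; the function name and the account, host name and address in the sample are constructed for illustration.

```powershell
# Flatten one Security-log event (XML form) into a record naming the source machine.
function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $doc  = [xml]$Xml
    $id   = [int]$doc.SelectSingleNode("//*[local-name()='EventID']").InnerText
    $time = $doc.SelectSingleNode("//*[local-name()='TimeCreated']").GetAttribute('SystemTime')
    $data = @{}
    foreach ($n in $doc.SelectNodes("//*[local-name()='Data']")) {
        $data[$n.GetAttribute('Name')] = $n.InnerText
    }
    # 4740: the caller computer name is stored in the TargetDomainName field.
    # 4771: the client address is in IpAddress, usually as an IPv4-mapped IPv6 address.
    $source = switch ($id) {
        4740    { $data['TargetDomainName'] }
        4771    { $data['IpAddress'] -replace '^::ffff:', '' }
        default { $null }
    }
    [pscustomobject]@{ Time = $time; EventId = $id; Account = $data['TargetUserName']; Source = $source }
}

# Constructed sample events (trimmed to the fields used above), so the function runs offline.
$sample = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID><TimeCreated SystemTime="2013-11-20T19:58:03Z"/></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKSTN-EXAMPLE01</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4771</EventID><TimeCreated SystemTime="2013-11-20T19:57:41Z"/></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="IpAddress">::ffff:192.0.2.45</Data>
    <Data Name="Status">0x18</Data>
  </EventData>
</Event>
'@
)
$sample | ForEach-Object { ConvertFrom-LockoutEventXml $_ } | Format-Table

# Live use, run on a domain controller with rights to read the Security log:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740, 4771 } |
#     ForEach-Object { ConvertFrom-LockoutEventXml $_.ToXml() }
```

Grouping the output by Account and Source shows which machine keeps submitting the bad credentials; the 4771 address helps when the 4740 caller field is empty.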