
Identify Domain Controller specifically included in network request

I know I can't be the first to ask a question like this... Is there a way to filter a Wireshark capture to include only requests from the network which are specifically to a named Domain Controller, and not to the domain namespace in general? We are attempting to decommission a physical Domain Controller, and over the years applications have been hardcoded for LDAP authentication. Without breaking these applications, we want to proactively edit configurations to query the domain namespace instead of the FQDN of the Domain Controller. Any thoughts?

Bimpster, asked 2020-12-15 16:25:52 +0000

Comments

I tried to understand what you are looking for but the question was not clear to me.

hugo.vanderkooij (2020-12-16 08:59:49 +0000)

Current LDAP configuration: ldap://dc1.Contoso.org:389, should be configured ldap://contoso.org:389. Dc1 needs to be retired. While running a Wireshark capture on Dc1, is there a way to determine queries to ldap://dc1.contoso.org:389 by filtering? Dc1 also responds to namespace ldap://contoso.org:389 requests. Thank you!

Bimpster (2020-12-16 12:21:02 +0000)

Can't you capture on dc1 and look at the hosts making connection requests?

grahamb (2020-12-16 20:48:30 +0000)

Absolutely I can, and have. The issue is trying to filter out requests to the namespace and include only those requests to the domain controller specifically. As long as it is a DC, it will always respond to namespace requests AND requests specifically addressed to it.

Bimpster (2020-12-16 21:50:16 +0000)

Thank you @grahamb. It was a good thought but I had already identified dozens of applications hitting that one box.

Bimpster (2021-01-29 01:23:03 +0000)

1 Answer


In any event, I have decommissioned the DC and let the chips fall where they may. Two devices using LDAP lookup specifically targeting the Domain Controller began failing. Not such a bad thing. A quick etc/hosts file entry and they were back on the air until their admin could associate another "specific" DC to use for LDAP lookup. Don't you just hate it when they don't allow you to use the namespace but insist a DC or IP address be entered?

Bimpster, answered 2021-01-29 01:27:11 +0000
