How can I watch LDAP traffic on port 389?

I use the Charles Web Debugging proxy to view traffic on ports 80/443 for HTTP and HTTPS requests. On Mac OS X, what program can I use to view traffic on port 389/636 for ldap:// and ldaps://? I am interested in seeing the actual requests/responses, partly to see how safe they are and what the differences are, and partly just because I'm curious about what the requests look like.

+4
4 answers

As noted, Wireshark or tcpdump. You will not be able to judge the security of the requests and responses, because you must be viewing the traffic of an unsecured connection. If it were encrypted, you would not be able to view the traffic. SSL or StartTLS (as an advanced operation) should be used to protect LDAP traffic. For more information on the LDAP message envelope, see RFC 4511.

+5
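To show what a capture on port 389 exposes, here is an added example (not part of the answers above) that decodes the RFC 4511 LDAPMessage envelope from a raw TCP payload. The function names, the sample DN and the sample secret are constructed for illustration.

```python
# Minimal decoder for the LDAPMessage envelope (RFC 4511, section 4.1.1).
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x42: "UnbindRequest",
       0x63: "SearchRequest", 0x64: "SearchResultEntry",
       0x65: "SearchResultDone", 0x77: "ExtendedRequest",
       0x78: "ExtendedResponse"}
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # RFC 4511, section 4.14.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_message(payload):
    """Summarise one LDAPMessage from a cleartext (port 389) TCP payload."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    info = {"messageID": int.from_bytes(msg_id, "big"),
            "op": OPS.get(op_tag, hex(op_tag))}
    if op_tag == 0x60:  # BindRequest: version, name, authentication
        _, version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        # A simple bind ([0], tag 0x80) carries the password as plain octets.
        info.update(version=version[0], name=name.decode(),
                    auth="simple" if auth_tag == 0x80 else "sasl",
                    password_visible=auth_tag == 0x80 and len(cred) > 0)
    elif op_tag == 0x77:  # ExtendedRequest: requestName is [0] LDAPOID
        _, oid, _ = read_tlv(op, 0)
        info["starttls"] = oid.decode() == STARTTLS_OID
    return info

def tlv(tag, value):
    """Encode a short (<128 byte) BER element; only used to build the samples."""
    return bytes([tag, len(value)]) + value

# Constructed samples: a simple bind (messageID 1) and a StartTLS request (2).
SAMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
    + tlv(0x04, b"cn=admin,dc=example,dc=com") + tlv(0x80, b"constructed-secret")))
SAMPLE_STARTTLS = tlv(0x30, tlv(0x02, b"\x02")
    + tlv(0x77, tlv(0x80, STARTTLS_OID.encode())))
```

On ldaps:// (port 636), or after a StartTLS exchange completes, the same payload bytes are TLS records and this decoder rejects them.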

You can use the tcpdump command built into Mac OS X. I believe you need a call that looks like sudo tcpdump -i en0 port 389 or port 636, although there are other flags on the man page to print the actual request data (try man tcpdump).

+3

You can use Wireshark.

+2

This also works:

tcpdump -n not port ssh and port 389 and not broadcast and not multicast

-1

Source: https://habr.com/ru/post/1380056/

