Asked By
Alan Farrer
10 points
N/A
Posted on - 01/21/2013
Hi all,
If I need to monitor my network traffic, which includes some headless Unix servers, knowing that Wireshark does not work on headless systems, where can I find an alternative LDAP capture tool?
Thanks in advance.
Is there any LDAP capture tool that may replace Wireshark?
Hello,
When the volume of intercepted traffic is high and manual analysis of a network capture becomes very labour-intensive, one way of quickly processing this information to identify attacks, or to set a starting point for the investigation, is to use automatic analysis with external tools.
One of the most widely used applications for the detection of system attacks is Snort. Snort is an open-source, signature-based IDS (Intrusion Detection System) that analyses traffic in real time and compares it against a repository of known signatures, warning when packets are suspect, whether because of their content or their structure. This is also useful when analysing a previously recorded traffic capture that is too big to be analysed manually. To process the PCAP file via Snort, execute the following command: Attached
Thanking you
Franke Mary.
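A worked version of the two steps discussed in this thread (capturing LDAP traffic on a headless Unix host, then feeding the PCAP to Snort), added here as an example and not taken from the original answer or its missing attachment. It assumes tcpdump and snort are installed and the script runs as root; the interface name, directories and Snort config path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): capture LDAP traffic on a
# headless Unix host with tcpdump, then replay the PCAP through Snort.
# Assumes tcpdump and snort are installed and the script runs as root;
# IFACE, PCAP_DIR, SNORT_CONF and LOG_DIR are placeholder values.
set -eu

IFACE="${IFACE:-eth0}"                              # placeholder interface
PCAP_DIR="${PCAP_DIR:-/var/tmp/ldapcap}"            # placeholder capture dir
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"   # placeholder Snort config
LOG_DIR="${LOG_DIR:-/var/log/snort}"                # placeholder alert dir

# Build a BPF filter for the given TCP ports (LDAP 389, LDAPS 636 by default).
# Caveat: LDAPS payloads are TLS-encrypted, so Snort signatures only see
# cleartext LDAP on 389 (or a StartTLS session before the TLS handshake).
ldap_filter() {
    filter=""
    for port in "$@"; do
        if [ -z "$filter" ]; then
            filter="tcp port $port"
        else
            filter="$filter or tcp port $port"
        fi
    done
    printf '%s' "$filter"
}

# Capture into a ring of files so a long-running capture on a server cannot
# fill the disk: -C is the file size in MB, -W the number of files kept.
capture_ldap() {
    mkdir -p "$PCAP_DIR"
    tcpdump -i "$IFACE" -nn -s 0 -C 100 -W 10 \
        -w "$PCAP_DIR/ldap.pcap" "$(ldap_filter 389 636)"
}

# Offline analysis: -r reads the PCAP instead of a live interface, -c loads
# the rule set, -l sets the alert/log directory, -A console prints alerts.
analyze_pcap() {
    pcap="$1"
    [ -r "$pcap" ] || { echo "cannot read $pcap" >&2; return 1; }
    mkdir -p "$LOG_DIR"
    snort -r "$pcap" -c "$SNORT_CONF" -l "$LOG_DIR" -A console
}

case "${1:-}" in
    capture) capture_ldap ;;
    analyze) analyze_pcap "${2:?usage: $0 analyze file.pcap}" ;;
    *) echo "usage: $0 capture | analyze file.pcap" >&2 ;;
esac
```

Run `./ldapcap.sh capture` on the server, then `./ldapcap.sh analyze /var/tmp/ldapcap/ldap.pcap0` to scan the first ring file with Snort.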