How to take a packet trace using tcpdump
Common options to use are
-D : Lists the available interfaces
-i : Listen on specified interface. Use tcpdump -D, ip a, or ifconfig to get available interfaces or use -i any for all.
-n : Use numbers, don’t resolve hostnames.
-nn : Don’t resolve hostnames or port names.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Capture x number of packets, example tcpdump -c 50
-s : Set the snapshot length (snaplen), the number of bytes captured from each packet. The default is 68 bytes. Use -s0 unless you know what snapshot length you want to capture.
-q : Show less protocol information.
-E : Decrypt IPsec traffic by providing an encryption key.
-r : Read the trace from a saved capture file.
tcpdump syntax: 'Protocol' 'Direction' 'Host(s)' 'Value' 'Logical Operations' 'Other expression'
tcpdump tcp and src host 192.168.100.10 and port 445 and dst host 192.168.100.2
Start by listing interfaces that are available:
tcpdump -D…
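The options and filter syntax above combined into one capture command, as an added example that is not from the original post. The function names are hypothetical; the addresses and port come from the page's example, while the interface `any`, the count of 50, the output path, and the `-w` (write to file) option are assumptions added here.

```shell
#!/bin/sh
# Added example: validate inputs, then print (not run) a tcpdump command line.
# Function names and sample values are assumptions, not from the original post.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_filter SRC_IP PORT DST_IP: print a capture filter in the page's
# protocol / direction / host / value order, joined with "and"
build_filter() {
    is_ipv4 "$1" && is_ipv4 "$3" || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf 'tcp and src host %s and port %s and dst host %s' "$1" "$2" "$3"
}

# build_capture IFACE COUNT OUTFILE FILTER: print the full command line
build_capture() {
    case "$1" in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac      # interface name
    case "$2" in ''|*[!0-9]*) return 1 ;; esac                # packet count
    case "$3" in ''|-*|*[!A-Za-z0-9_./-]*) return 1 ;; esac   # output path
    [ -n "$4" ] || return 1
    # -nn: no host/port name lookups, -s0: full packets, -c: stop after COUNT,
    # -w: write raw packets to OUTFILE so the trace can be read back with -r
    printf "tcpdump -i %s -nn -s0 -c %s -w %s '%s'" "$1" "$2" "$3" "$4"
}

# Constructed sample run using the addresses from the page's example
filter=$(build_filter 192.168.100.10 445 192.168.100.2) &&
    build_capture any 50 /tmp/smb-trace.pcap "$filter" && echo
```

Run the printed command as root, then inspect the saved file with `tcpdump -nn -r /tmp/smb-trace.pcap`.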
How to take a LDAP trace – quick version
This video will show you how to take an LDAP trace on a Linux/DSfW server.
This applies to both eDirectory and DSfW (since DSfW is built on eDir).
An LDAP trace is helpful in troubleshooting applications or workstations authenticating, searching, or modifying the directory.
Some commands used in the video
ldapconfig utility:
See the screen level
ldapconfig get |grep -i "ldap screen level"
Set the screen level for everything but packet dumping
ldapconfig -s "ldap screen level=Operation| Connection| Config| Extensions| Error| Critical| DataConnection"
Setting the screen level to all
ldapconfig -s "ldap screen level=all"
Going back to default screen level
ldapconfig -s "ldap screen level= Error| Critical"
ndstrace section:
turn off the screen and file logging
ndstrace off
clear the filter
set ndstrace = nodebug
enabling ldap and nmas in the filter
ndstrace +time +tags +ldap +nmas
turn on the screen and logging
ndstrace on
The ndstrace.log is located in
/var/opt/novell/eDirectory/log/
How to take a LDAP trace – long version
How to take a LDAP NMAS trace for DSfW TID 7009602