For example, you may check frame 9 in the attachment:
Frame 9 (105 bytes on wire, 105 bytes captured)
Ethernet II, Src: Microsof_85:ab:0c (00:03:ff:85:ab:0c), Dst: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
Internet Protocol, Src: 10.10.12.1 (10.10.12.1), Dst: 10.5.3.1 (10.5.3.1)
Transmission Control Protocol, Src Port: 1543 (1543), Dst Port: ldap (389), Seq: 1, Ack: 1, Len: 51
Lightweight-Directory-Access-Protocol
LDAPMessage searchRequest(4) "<ROOT>" baseObject
messageID: 4
protocolOp: searchRequest (3)
searchRequest
<<<<<<<<<-----Base DN is missing here ---------->>>>>>>>>>>>>>
scope: baseObject (0)
derefAliases: neverDerefAliases (0)
sizeLimit: 0
timeLimit: 0
typesOnly: False
Filter: (objectClass=*)
attributes: 0 items
Response In: 11
----------
I found it a little bit difficult to filter all LDAP queries with <root> base DN.
Attachment:
forestfun2.cap
Description: Binary data
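
Added example, not part of the original post: one way to pick out searchRequests with an empty base DN is to decode the BER header of each LDAP payload and test the length of `baseObject` directly. The function names and both sample messages are constructed for illustration (the first mirrors the fields decoded in frame 9); the code assumes one complete, unencrypted LDAPMessage per TCP payload.

```python
def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_search_request(payload):
    """Return message_id, base_dn and scope of a searchRequest, or None for other ops."""
    tag, msg, _ = read_tlv(payload, 0)       # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        return None
    id_tag, msg_id, pos = read_tlv(msg, 0)   # messageID INTEGER
    op_tag, op, _ = read_tlv(msg, pos)       # protocolOp CHOICE
    if id_tag != 0x02 or op_tag != 0x63:     # 0x63 = [APPLICATION 3] searchRequest
        return None
    dn_tag, base, pos = read_tlv(op, 0)      # baseObject LDAPDN (OCTET STRING)
    sc_tag, scope, _ = read_tlv(op, pos)     # scope ENUMERATED
    if dn_tag != 0x04 or sc_tag != 0x0A:
        return None
    return {"message_id": int.from_bytes(msg_id, "big"),
            "base_dn": base.decode("utf-8", "replace"),
            "scope": int.from_bytes(scope, "big")}

def has_root_base_dn(payload):
    """True when payload is a searchRequest with a zero-length base DN."""
    try:
        req = parse_search_request(payload)
    except ValueError:
        return False
    return req is not None and req["base_dn"] == ""

# Constructed samples (not extracted from forestfun2.cap).
TAIL = "020100020100010100870b6f626a656374436c617373"   # limits, typesOnly, (objectClass=*)
SAMPLE_ROOT = bytes.fromhex("30840000002d020104638400000024" "0400" "0a01000a0100"
                            + TAIL + "308400000000")
SAMPLE_NAMED = (bytes.fromhex("3036020105" "6331" "0411") + b"dc=example,dc=com"
                + bytes.fromhex("0a01020a0100" + TAIL + "3000"))

if __name__ == "__main__":
    for name, data in (("root", SAMPLE_ROOT), ("named", SAMPLE_NAMED)):
        print(name, parse_search_request(data), has_root_base_dn(data))
```
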