SOLVED: How to Determine What is Using LDAPS

If you have LDAPS on your Domain Controllers, you might want to know what is using it. In our case, we had a new customer with an partially configured LDAPS and we wanted to know what, if anything, was even trying to use it.

The solution is to use WireShark and and easy filter:

Download and install both:
- NPCap for WireShark HERE
- WireShark HERE
  - We typically use WireShark Portable to avoid a full install on a clients servers
Launch WireShark and select the NIC in use (usually the first one)
Enter TCP.PORT == 636 in the FILTER box at the top (See screenshot below)
Click the blue shark fin icon to start the capture
Wait at least 5 minutes to see any there any traffic (we waited 45 minutes)
Look at the SOURCE and DESTINATION IP addresses to figure out what is taking to what

Next SOLVED: How To Add CPU / RAM to an Azure VM »

Previous « SOLVED: What is the Difference Between MS Edge Browser For Server and For Windows 11 / 10