Massimiliano
Explorer

How to decrypt LDAPS packets captured with tcpdump or fw monitor

Hi,

we have configured an LDAP account unit with two servers using TCP port 636. We need to understand whether the LDAP servers answer our query with the correct user_group. We did a tcpdump (or fw monitor), but all the packets collected are encrypted.

Is it possible to decrypt them?

Let me know

Massimiliano

5 Replies
Massimiliano
Explorer

Sorry, but how can I recover the keylog of the Security Gateway? The LDAP connection is not between my PC and the LDAP server, but between the FW and the LDAP server.

_Val_
Admin

I think it would be much easier just to look at the LDAP logs.

Massimiliano
Explorer

Yes, but in the log I saw the user_group "all_users", so it seems that the LDAP server didn't send the correct user group. I need the packet capture, because the Microsoft guy (owner of the LDAP server) didn't see any problem from his side. I need to understand where the issue is, and the logs are not enough.

JozkoMrkvicka
Leader

Maybe you can start from the other way around. You can check what LDAP query the firewall is sending. You can then be 100% sure whether the answer from LDAP is correct or not. You will need to enable VPN debugs on the firewall and examine the vpnd.elg file.

Another option to confirm where the problem lies is to use the "ldapsearch" command to query the needed user groups and see the answer from LDAP.

Sometimes it is better to open a vendor case and get an official answer from the vendor in order to convince the other end that the issue is / is not on their end 😉

Kind regards,
Jozko Mrkvicka
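The ldapsearch approach suggested in the reply above, worked through as an added shell example that is not part of the thread: it binds to the LDAP server over LDAPS (port 636), asks for one account's memberOf attribute, and pulls the group DNs out of the LDIF answer, so the result can be compared directly with the user_group the firewall logged. The server name, bind DN, base DN, CA path and password file are placeholder assumptions; the LDIF sample is constructed so the parser can be tried without a live server.

```shell
#!/bin/sh
# Added example (not from the thread): query one account's group membership over
# LDAPS with ldapsearch and extract the memberOf values from the LDIF answer.
# Server, bind DN, base DN, CA file and password file are placeholder assumptions.

LDAP_URI="ldaps://ldap.example.test:636"               # placeholder LDAPS server
BIND_DN="CN=svc-fw,OU=Service,DC=example,DC=test"      # placeholder bind account
BASE_DN="DC=example,DC=test"                           # placeholder search base
CA_FILE="/etc/ssl/certs/ldap-ca.pem"                   # placeholder CA bundle
PW_FILE="${PW_FILE:-/etc/ldap/svc-fw.pw}"              # bind password file (mode 0600)

# Escape a value for use inside an LDAP filter (RFC 4515 special characters \ * ( ) ),
# so an odd account name cannot change the meaning of the query.
escape_filter_value() {
    printf '%s' "$1" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g'
}

# Run the LDAPS search for one sAMAccountName, requesting only memberOf.
# -LLL gives plain LDIF, -x is a simple bind, -y reads the password from a file so
# it never shows up in the process list. LDAPTLS_CACERT is the CA used to verify
# the server certificate (OpenLDAP client setting).
query_user_groups() {
    filter="(sAMAccountName=$(escape_filter_value "$1"))"
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -LLL -x -H "$LDAP_URI" \
        -D "$BIND_DN" -y "$PW_FILE" -b "$BASE_DN" "$filter" memberOf
}

# Read LDIF on stdin, rejoin folded lines (continuation lines start with a
# space), and print one group DN per memberOf attribute.
extract_groups() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") emit(buf); buf = $0 }
        END  { if (buf != "") emit(buf) }
        function emit(line) {
            if (line ~ /^memberOf: /) print substr(line, 11)
        }'
}

# Constructed sample answer (not captured from a real server), including one
# folded line, so the parser can be exercised offline.
SAMPLE_LDIF='dn: CN=Massimiliano,OU=Users,DC=example,DC=test
memberOf: CN=VPN-Users,OU=Groups,DC=example,DC=test
memberOf: CN=Firewall-Admins,OU=Groups,DC=example,DC=te
 st'

if [ -n "$1" ] && command -v ldapsearch >/dev/null 2>&1; then
    query_user_groups "$1" | extract_groups        # live query: ./script.sh <account>
else
    printf '%s\n' "$SAMPLE_LDIF" | extract_groups  # offline demo on the sample
fi
```

Run it from a host that can reach the LDAP server with the same bind account the firewall uses; if the groups printed here differ from the user_group in the firewall log, the mismatch is on the firewall side (query or group mapping), and if they match the log, the LDAP server really is returning that membership.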