How can I watch LDAP traffic on port 389?

cwd picture cwd · Nov 7, 2011 · Viewed 20.9k times · Source

I use Charles Web Debugging Proxy to watch traffic on ports 80 / 443 for HTTP and HTTPS requests. With Mac OS X, what program can I use to watch traffic on port 389 / 636 for ldap:// and ldaps://? I'm interested in seeing the actual requests / responses, partially to see how secure they are and what the differences are, and partially just because I'm curious as to what the requests look like.

Answer

Terry Gardner picture Terry Gardner · Nov 7, 2011

As noted, Wireshark or tcpdump. You will not be able to judge the security of the requests and responses, because you must view the unsecured connection traffic. If it were encrypted, you would not be available to view the traffic unencrypted. SSL or StartTLS (as an extended operation) should be used to secure LDAP traffic. For more information about the LDAP message envelope, see RFC4511.