How to take a packet trace using tcpdump

Common options to use are
-D : Lists the available interfaces
-i : Listen on specified interface. Use tcpdump -D, ip a, or ifconfig to get available interfaces or use -i any for all.
-n : Use numbers, don’t resolve hostnames.
-nn : Don’t resolve hostnames or port names.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Capture x number of packets, example tcpdump -c 50
-s : Set the snapshot length (snaplen), the number of bytes captured from each packet. The default is 68 bytes. Use -s0 unless you know what snapshot length you want to capture.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
-r : Read the trace

tcpdump syntax: ‘Protocol’ ‘Direction’ ‘Host(s)’ ‘Value’ ‘Logical Operations’ ‘Other expression’
tcpdump tcp src 445 and tcp dst

Start by listing interfaces that are available:
tcpdump -D…

How to take a LDAP trace – quick version

This video will show you how to take an LDAP trace on a Linux/DSfW server.

This applies to both eDirectory and DSfW (since DSfW is built on eDir).
An LDAP trace is helpful in troubleshooting applications or workstations authenticating, searching, or modifying the directory.
Some commands used in the video:

ldapconfig utility:
See the screen level
ldapconfig get | grep -i "ldap screen level"

Set the screen level for everything but packet dumping
ldapconfig -s "ldap screen level=Operation| Connection| Config| Extensions| Error| Critical| DataConnection"

Set the screen level to all
ldapconfig -s "ldap screen level=all"

Go back to the default screen level
ldapconfig -s "ldap screen level= Error| Critical"

ndstrace section:
Turn off the screen and file logging
ndstrace off

Clear the filter
set ndstrace = nodebug

Enable ldap and nmas in the filter
ndstrace +time +tags +ldap +nmas

Turn on the screen and logging
ndstrace on

The ndstrace.log is located in

How to take a LDAP trace – long version

How to take a LDAP NMAS trace for DSfW TID 7009602