On Mon, Apr 02, 2001 at 09:31:29PM -0500, Bob Tanner wrote:
> I am working on LDAP using TLS and I want to sniff my network to
> make absolutely sure nothing is ever exchanged with the ldap server
> in clear text.
> 
> I have tried several tools, each seems to have a strength, but none
> of them are "simple". The tools I have used are tcpdump, snoop,
> sniffit, ethereal.
> 
> I just want to sniff all traffic between hostA and hostB on port 389
> and 636, which tool is best for this simple task?
> 
> I'd like to see it like hostA tries to connect on port 389 with SSL.
> Then hostB responds to use port 636.  etc..

bash# tcpdump -x -X host \(hostA and hostB\) and tcp and port \(389 or 636\)

...might/should/could work to dump the contents of the packets and
attempt to display them in ASCII format. ;-)  I'm just guessing.

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
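
One way to check payloads captured on these ports for cleartext LDAP, as an added example that is not part of the original thread: it labels each client-to-server TCP payload as a TLS record, a StartTLS request, or cleartext LDAP, and reports the cleartext ones. The function names and sample bytes are constructed for illustration; it assumes payloads are already extracted from a capture and recognizes only SSLv3/TLS record headers.

```python
# Added example; payload bytes below are constructed samples, not a real capture.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"    # LDAP StartTLS extended operation

def read_tlv(buf, pos):
    """Parse one BER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return a label for the first message in one TCP payload."""
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03:
        return "tls"                        # TLS record: content type, then major version 3
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != 0x30:                     # an LDAPMessage is a BER SEQUENCE
            return "unknown"
        _, _, pos = read_tlv(msg, 0)        # skip the messageID INTEGER
        op, body, _ = read_tlv(msg, pos)
        if op == 0x77:                      # ExtendedRequest: first field is the request OID
            _, oid, _ = read_tlv(body, 0)
            return "ldap-starttls" if oid == STARTTLS_OID else "ldap-cleartext"
        if op == 0x60:                      # BindRequest: version, name, authentication
            _, _, p = read_tlv(body, 0)
            _, _, p = read_tlv(body, p)
            auth, cred, _ = read_tlv(body, p)
            if auth == 0x80 and cred:       # simple bind carrying a password
                return "ldap-simple-bind"
        return "ldap-cleartext"
    except IndexError:                      # truncated or non-BER data
        return "unknown"

def audit(packets):
    """packets: ordered client-to-server (dst_port, payload) pairs; return non-TLS findings."""
    labelled = [(n, port, classify(p)) for n, (port, p) in enumerate(packets, 1)]
    # A StartTLS request is cleartext but carries no directory data, so it is not flagged.
    return [f for f in labelled if f[2] not in ("tls", "ldap-starttls")]

def tlv(tag, body):                         # builder for the constructed samples (short lengths)
    return bytes([tag, len(body)]) + body

BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
           + tlv(0x04, b"cn=admin,dc=example,dc=com") + tlv(0x80, b"secret")))
STARTTLS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
CLIENT_HELLO = bytes.fromhex("160301002f0100002b0301")   # start of a TLS handshake record
SAMPLE = [(389, STARTTLS), (389, CLIENT_HELLO), (636, CLIENT_HELLO), (389, BIND)]
print(audit(SAMPLE))
```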
