AD auth & Wireshark
Posted on 2010-11-18
My domain is kamuk.com and is AD 2008. I have a Windows 2008 server that runs ApplicationA... to log onto it, it's supposed to carry out a query against AD so that I can use my AD username and password.
This doesn't seem to be working. I would like to check whether ApplicationA is even querying AD.
I guess the best way to do this would be to run Wireshark whilst attempting to log on? We have several DC's in our site, so I can't filter by all their IP addresses, so I think destination port would be easiest. Should I check for either 386 or 3268?
If so, which one is used for authentication?
Any help appreciated