
I am trying to troubleshoot an issue with delays in LDAPS bind operations with tcpdump/wireshark.

Here is what I get from client side on a conversation with delays: [screenshot of the capture]

I see the following problems:

  1. I see no ServerHello response (this happens for all TLS sessions). Could this be a Wireshark or tcpdump collection issue?
  2. There is a gap of 8 seconds between the "Client Hello" and the next ACK. What could be the reason for this?
trikelef
  • There seems to be only one direction of conversation here. Only the client-to-server traffic is showing. Nothing is showing from server-to-client. Did something go wrong with your capture or was it filtered out? – Michael Hampton Jul 13 '20 at 14:40
  • You are right. I had set "dst xx.xx.xx.xx" which hides the reply section of the session. – trikelef Jul 14 '20 at 07:33
  • You should do a new capture, then, which contains both directions of the conversation. Consider a capture filter like `host 198.51.100.83 and port 636` – Michael Hampton Jul 14 '20 at 12:45

0 Answers
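
The comments trace the missing ServerHello to a `dst` capture filter that dropped the server-to-client half of the session. As an added example (not part of the original thread), this Python check reads a classic pcap file and reports whether port 636 traffic was captured in both directions before any handshake timing is read from it; the client address 192.0.2.10, the source port and all helper names are constructed for illustration.

```python
import struct
from collections import Counter

def direction_counts(pcap: bytes, port: int = 636) -> Counter:
    """Count TCP packets to and from `port` in a classic pcap (Ethernet + IPv4)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap (pcapng not handled)")
    counts, off = Counter(), 24              # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Keep only Ethernet frames carrying IPv4 (0x0800) with protocol 6 (TCP).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4    # IPv4 header length comes from IHL
        if len(frame) < tcp + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        if dport == port:
            counts["client_to_server"] += 1
        elif sport == port:
            counts["server_to_client"] += 1
    return counts

def is_one_sided(counts: Counter) -> bool:
    """True when only one direction of the conversation was captured."""
    return bool(counts["client_to_server"]) != bool(counts["server_to_client"])

# --- constructed sample captures (assumed values, not the poster's data) ---
CLIENT, SERVER = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 83])

def _frame(src, dst, sport, dport):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
    return eth + ip + tcp

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

DST_ONLY = _pcap([_frame(CLIENT, SERVER, 50000, 636)] * 3)   # what a "dst" filter keeps
BOTH = _pcap([_frame(CLIENT, SERVER, 50000, 636), _frame(SERVER, CLIENT, 636, 50000)])

if __name__ == "__main__":
    for name, data in (("dst-only", DST_ONLY), ("host+port", BOTH)):
        print(name, dict(direction_counts(data)), is_one_sided(direction_counts(data)))
```

A capture saved as pcapng would need converting to classic pcap before this check can read it.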