Quoting Stephen Fisher <stephentfisher@xxxxxxxxx>:
Cheers, I had tried using 'tcp port 389' but in needing to do a 24hr
capture resulted in a lot of info. Even when splitting the data amongst
multiple files resulted in 10Mb x 260 files. Opening this many files
would be too much. I'm not sure of what the maximum file size WireShark
can handle in opening, may give 150Mb a go instead of 10Mb multiple file
sizes.
Thanks
> On Thu, Oct 26, 2006 at 02:33:19PM +1000, sallas@xxxxxxxxxx wrote:
>
> > Anybody knows what the Capture Filter equivalent is of the
> following
> > View Filter: ldap.authentication == 0
> >
> > I am basically trying to whittle down my capture to simple
> > authentication requests over LDAP (389) as part of an investigation
>
> > into using LDAPS.
>
> Unfortunately, there is no way to get that much detail in a capture
> filter. The best you can do is set the capture filter to only
> capture
> LDAP traffic with "tcp port 389".
>
>
> Steve
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
