This is a preview. You must login to view/edit this pcap.

O 1. 10.0.2.101 » 10.0.1.101 tcp 44053 > 389 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=160936782 TSER=0 WS=2
O 2. 10.0.1.101 » 10.0.2.101 tcp 389 > 44053 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
O 3. 10.0.2.101 » 10.0.1.101 tcp 44053 > 389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=160936802 TSER=0
O 4. 10.0.2.101 » 10.0.1.101 ldap bindRequest(1) "cn=LDAPSearch,ou=ServiceAccounts,dc=ins,dc=com" simple
O 5. 10.0.1.101 » 10.0.2.101 tcp 389 > 44053 [ACK] Seq=1 Ack=71 Win=65465 Len=0 TSV=220117 TSER=160936821

Here are some of things that registered users can do with this pcap:

  • Reorder packets
  • Fragment packets
  • Reassemble TCP streams
  • Rewrite TCP streams (over IPv4 and IPv6)
  • Extract embedded HTTP content
  • Convert any packet into a DoS generator