Capture Auth Packets with Wireshark
Sometimes support (email@example.com) needs a capture of the packets on the wire to understand what is going on and why authentication against the proxy is failing. Please use the following steps to make a capture.
- Ensure time is synced between your domain joined machine, domain controller and proxy that fails authentication.
- Ensure your browser points to your proxy by FQDN and not by IP address.
- Close all browsers on your workstation
- In a command prompt on your workstation, type klist purge. This deletes all your Kerberos tickets. If you then type klist again, it should report Cached Tickets: (0).
- Choose Start, type Credential Manager, and remove every stored record for your proxy under Windows Credentials.
- Start Wireshark on your workstation, open the browser and browse to www.google.com.
- After the connection has finished (successfully or not), close the browser, stop the Wireshark capture, save it and zip it.
- Send the archive to firstname.lastname@example.org.
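The checklist above, automated as a PowerShell script run in an elevated prompt on the domain-joined workstation. This is an added example written for this page, not the support team's own tooling. It assumes Wireshark is installed at its default path (so tshark.exe is available), that the proxy FQDN passed in $ProxyFqdn is a placeholder you replace with your own, and that the logon domain controller in $env:LOGONSERVER is reachable for the time check. The script performs the same seven steps in order and leaves a zipped .pcapng ready to send.

```powershell
# Added example (not from the original page): pre-capture checklist for a proxy
# authentication capture. Run from an elevated PowerShell on the domain-joined workstation.
# Assumptions: tshark lives at the default Wireshark path, and $ProxyFqdn is a placeholder.
param(
    [string]$ProxyFqdn      = 'proxy.example.internal',                # placeholder, replace with your proxy FQDN
    [string]$CaptureDir     = "$env:USERPROFILE\Desktop\authcap",      # where the pcapng and zip are written
    [int]   $CaptureSeconds = 60                                       # how long tshark captures
)

$tshark = 'C:\Program Files\Wireshark\tshark.exe'
if (-not (Test-Path $tshark)) { throw "tshark not found at $tshark; install Wireshark first." }
New-Item -ItemType Directory -Path $CaptureDir -Force | Out-Null

# Step 1: time sync. Kerberos rejects tickets when clocks differ by more than the
# domain's MaxClockSkew (5 minutes by default), so show the offset against the logon DC.
$dc   = $env:LOGONSERVER.TrimStart('\')
$skew = & w32tm /stripchart /computer:$dc /samples:1 /dataonly | Select-Object -Last 1
Write-Host "Time offset against $dc : $skew"

# Step 2: the proxy must be configured by FQDN, otherwise the browser asks for a ticket
# for the wrong service name and falls back to NTLM or fails outright.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Write-Host "Configured proxy: $($inet.ProxyServer)  (ProxyEnable=$($inet.ProxyEnable))"
if ($inet.ProxyServer -match '^\d{1,3}(\.\d{1,3}){3}') {
    Write-Warning 'Proxy is configured by IP address; Kerberos needs the FQDN.'
}

# Step 3: close browsers so no open session reuses an existing authenticated connection.
Get-Process chrome, msedge, firefox, iexplore -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 4: purge the Kerberos ticket cache and confirm it is empty.
& klist purge | Out-Null
$tickets = (& klist) -join "`n"
if ($tickets -notmatch 'Cached Tickets: \(0\)') { Write-Warning "Ticket cache not empty:`n$tickets" }

# Step 5: remove stored Windows Credentials for the proxy (the entries Credential Manager shows).
$targets = (& cmdkey /list) |
           Where-Object { $_ -match 'Target:' -and $_ -match [regex]::Escape($ProxyFqdn) } |
           ForEach-Object { ($_ -replace '^.*target=', '').Trim() }
foreach ($t in $targets) {
    & cmdkey /delete:$t | Out-Null
    Write-Host "Removed stored credential for $t"
}

# Step 6: capture while the browser makes one request. Restrict the capture to what the
# troubleshooter needs: Kerberos (88), LDAP/CLDAP DC location (389), DNS (53) and the proxy port.
$proxyPort = if ($inet.ProxyServer -match ':(\d+)$') { $Matches[1] } else { 8080 }  # 8080 assumed if unset
$pcap   = Join-Path $CaptureDir "proxyauth-$(Get-Date -Format yyyyMMdd-HHmmss).pcapng"
$filter = "port 88 or port 389 or port 53 or port $proxyPort"
$cap = Start-Process -FilePath $tshark `
        -ArgumentList "-w `"$pcap`" -f `"$filter`" -a duration:$CaptureSeconds" `
        -PassThru -WindowStyle Hidden
Start-Sleep -Seconds 3                       # let tshark open the interface before the request
Start-Process 'http://www.google.com'        # the test request from the steps above
$cap.WaitForExit()

# Step 7: close the browser again and zip the capture for sending.
Get-Process chrome, msedge, firefox, iexplore -ErrorAction SilentlyContinue | Stop-Process -Force
$zip = "$pcap.zip"
Compress-Archive -Path $pcap -DestinationPath $zip -Force
Write-Host "Capture archived at $zip"
```

Without an explicit -i argument tshark captures on the first non-loopback interface; on a machine with several adapters, run "tshark -D" first and add "-i <number>" to the argument list. The capture filter is deliberately narrow so the archive does not carry unrelated traffic from the workstation, but it still contains the Kerberos and proxy exchange the support team needs to see.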