Capture Auth Packets with Wireshark
Sometimes email@example.com requires a capture of the packets on the wire to better understand what is going on and why authentication is failing. Use the following steps to make a capture.
Ensure time is synced between your domain-joined machine, the domain controller and the proxy that fails authentication.
Ensure your browser points to your proxy by FQDN and not by IP address.
Close all browsers on your workstation.
In a command prompt on your workstation, type klist purge. It will delete all your Kerberos tickets. If you type klist again, it should say Cached Tickets: (0).
Choose Start, type Credential Manager and clear every stored record for your proxy in Windows Credentials.
Start Wireshark on your workstation, open a browser and type www.google.com.
After the connection is finished (successfully or not), close the browser, stop the Wireshark capture, save it and zip it.
Send the archive to firstname.lastname@example.org.
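
The preparation steps above (time sync, proxy by FQDN, closed browsers, purged tickets, stored credentials) can be checked from PowerShell before the capture is started. This is an added example, not part of the original instructions; the proxy and domain controller names are placeholder assumptions to replace with your own.

```powershell
# Added example: pre-capture checks. Both names below are assumed placeholders.
$ProxyFqdn        = 'proxy.example.lan'   # assumption: FQDN of your proxy
$DomainController = 'dc1.example.lan'     # assumption: one of your domain controllers

# Time sync: show this machine's clock offset from the domain controller.
# Kerberos rejects requests when the skew exceeds 5 minutes (default policy).
w32tm /stripchart /computer:$DomainController /samples:1 /dataonly

# Proxy must be set by FQDN: inspect the per-user WinINET proxy setting.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if (-not $inet.ProxyEnable -or -not $inet.ProxyServer) {
    Write-Warning 'No static proxy here; check the PAC file or browser settings by hand.'
} elseif ($inet.ProxyServer -match '\b\d{1,3}(\.\d{1,3}){3}\b') {
    Write-Warning "Proxy is set by IP address ($($inet.ProxyServer)); use $ProxyFqdn instead."
} else {
    Write-Host "Proxy setting: $($inet.ProxyServer)"
}

# All browsers must be closed before the ticket cache is purged.
$browsers = Get-Process -Name chrome, msedge, firefox, iexplore -ErrorAction SilentlyContinue
if ($browsers) {
    Write-Warning "Still running: $(($browsers.Name | Sort-Object -Unique) -join ', ')"
}

# Purge Kerberos tickets and confirm the cache is empty.
klist purge | Out-Null
if (klist | Select-String -SimpleMatch 'Cached Tickets: (0)') {
    Write-Host 'Kerberos ticket cache is empty.'
} else {
    Write-Warning 'Tickets are still cached; run klist purge again.'
}

# List stored Windows credentials that mention the proxy; clear these in Credential Manager.
$stored = cmdkey /list | Select-String -SimpleMatch $ProxyFqdn
if ($stored) {
    Write-Warning 'Stored credentials for the proxy:'
    $stored | ForEach-Object { Write-Host $_.Line.Trim() }
} else {
    Write-Host "No stored credentials mention $ProxyFqdn."
}
```

Once every check passes without a warning, start Wireshark and continue with the browser step.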