Applies to:
All versions of Centrify DirectControl for Applications
Question:
How to capture network traffic from a Windows client machine accessing a Centrify server?
Answer:
The following steps need to be followed on the Windows machine where application url will be accessed.
1) Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development.
Wireshark can be downloaded here.
http://www.wireshark.org/download.html
Installing wireshark and configuring is beyond the scope of this Article. There are plenty of resources on the Internet like this one provided as a courtesy.
http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
3) In order to get a new Kerberos ticket, the Windows client machine must be locked and unlocked with AD credentials. Log out and login will work fine too.
4) Start capturing the network traffic using Wireshark.
5) Clear cache and open the browser and attempt access with FQDN. Let it fail. Note the name of the user in question.
6) Stop the capture using Wireshark
7) Save the network capture in pcap format. Email it to support or ftp the same if its too big.
8) Provide the source and destination IP addresses involved.