Domain LDAP listening check

A quick command for checking if your Active Directory servers are all listening on LDAP. Guess who had an issue with that today? :)

dig +short domainname.internal | xargs -I{} sudo /usr/sbin/hping3 -S -p 389 -q -c 1 {} 2>&1 | egrep "(transmitted|hping)"

You’ll need hping3 - it’s installable from apt-get on Debian, can’t comment about any other distributions.

A quick explanation for each part:

  • dig +short domainname.internal - pull the IPs the domain name resolves to; those A records are your domain controllers
  • sudo is required because hping3 uses raw sockets, so it goes in front of the hping3 call that xargs runs
  • xargs -I{} runs the next command once for each input line, substituting the IP for {}
  • hping3 -S -p 389 -q -c 1 - send a single TCP SYN to the LDAP port and print only the closing statistics
  • 2>&1 - redirect STDERR to STDOUT so the statistics can be filtered in the same pipe
  • egrep - keep only the statistics header (which names the host) and the transmitted/received line

This’ll hit each server once and show an output like:

--- hping statistic ---
1 packets transmitted, 0 packets received, 100% packet loss

It is dirty, but it works!
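One caveat worth knowing when reading that summary: hping3 counts an RST reply as a received packet, so with -q a refused port and a listening port both show "1 packets received". To tell them apart you drop -q and look at the flags in the per-packet reply line (flags=SA means SYN/ACK, flags=RA means reset). The script below is an added example, not the post's own one-liner: it classifies an un-quieted hping3 reply by those flags, and offers a no-root alternative that does a plain TCP connect to 389 with bash's /dev/tcp. The three SAMPLE_* strings are constructed hping3 output for illustration, and domainname.internal is the post's placeholder domain.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes bash, GNU timeout and
# dig are installed; hping3 itself is only needed if you feed real output in.

LDAP_PORT=389

# Constructed sample output, shaped like what hping3 -S -p 389 -c 1 prints
# WITHOUT -q (reply line, then the statistics block the post filters on).
SAMPLE_LISTENING='len=46 ip=10.0.0.1 ttl=128 DF id=0 sport=389 flags=SA seq=0 win=8192 rtt=0.4 ms
--- 10.0.0.1 hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss'

SAMPLE_REFUSED='len=46 ip=10.0.0.2 ttl=128 DF id=0 sport=389 flags=RA seq=0 win=0 rtt=0.3 ms
--- 10.0.0.2 hping statistic ---
1 packets transmitted, 1 packets received, 0% packet loss'

SAMPLE_NO_REPLY='--- 10.0.0.3 hping statistic ---
1 packets transmitted, 0 packets received, 100% packet loss'

# classify_hping_reply <hping3 output for one host>
# Prints LISTENING, REFUSED or NO_REPLY based on the TCP flags in the reply,
# because the "packets received" count alone cannot separate SYN/ACK from RST.
classify_hping_reply() {
    case "$1" in
        *flags=SA*) echo LISTENING ;;   # SYN/ACK: a listener accepted the SYN
        *flags=R*)  echo REFUSED ;;     # RST or RST/ACK: host up, port closed
        *)          echo NO_REPLY ;;    # filtered, host down, or probe sent without -S
    esac
}

# check_dc_ldap <host-or-ip>
# No-root alternative to the raw-socket probe: attempt a real TCP connect to
# port 389 and give it 3 seconds. Exit status 0 means the connect succeeded.
check_dc_ldap() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/${LDAP_PORT}" 2>/dev/null
}

# check_domain <ad-dns-domain>
# Resolve the domain name to its DCs (same dig +short as the post) and print
# one "<ip> LISTENING|NOT_LISTENING" line per host.
check_domain() {
    dig +short "$1" | while read -r ip; do
        if check_dc_ldap "$ip"; then
            printf '%s LISTENING\n' "$ip"
        else
            printf '%s NOT_LISTENING\n' "$ip"
        fi
    done
}

# Usage: check_domain domainname.internal
# Or, with real hping3 output: classify_hping_reply "$(sudo hping3 -S -p 389 -c 1 10.0.0.1 2>&1)"
```

check_dc_ldap needs no raw sockets, so it runs as an unprivileged user, and a timeout there points at a firewall or a host that is down rather than at a closed port, which comes back as an immediate connection refused.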

#work #active directory #linux