I am working on LDAP using TLS and I want to sniff my network to make absolutely sure nothing is every exchanged with the ldap server in clear text. I have tried several tools, each seems to have a strength, but none of them are "simple". The tools I have used are tcpdump, snoop, sniffit, ethereal. I just want to sniff all traffic between hostA and hostB on port 389 and 636, which tool is best for this simple task? I'd like to see it like hostA tries to connect on port 389 with SSL. Then hostB responds to use port 636. etc.. The communication exchange... -- Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700 http://www.mn-linux.org | Fax : (952)943-8500 Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9