How To Capture from the Command Prompt with Wireshark
ip.src_host==123.45.67.89
filter to capture only LDAP traffic – see LDAP, filter to capture only packets pertaining to LDAP traffic
filter view to see only packets pertinent to LDAP Server Signing – see LDAP, filter to view only packets pertaining to LDAP Server Signing
(frame.time >= "Oct 16, 2023 11:15:14") && (frame.time <= "Oct 16, 2023 11:15:15")
IP address, filter results by – see filter by IP address
LDAP, filter to capture only LDAP traffic
port 389 or port 636
LDAP Server Signing filter to view only packets pertaining to Server Signing
display filter, applied to packets already captured, to find packets pertaining to LDAP Server Signing
ldap.requestName == 1.3.6.1.4.1.1466.20037 or ldap.responseName == 1.3.6.1.4.1.1466.20037
for port 389 or
ldap.requestName == 1.3.6.1.4.1.1466.20036 or ldap.responseName == 1.3.6.1.4.1.1466.20036
for port 636 (LDAPS)
timestamp, display instead of seconds since the beginning of the recording session
In the View menu click Time Display Format and choose one of the Time of Day options.
time, filter results by range – see filter by time