1. Run Wireshark and start capturing.
2. Perform the transaction (e.g. view the contents of the user directory from the Admin UI).
3. Stop capturing.
4. Modify the display filter:
tcp.dstport == <destination ldap port>
5. Analyze ==> Decode As
Choose Destination Port: 3087, then LDAP on the right-hand side.
6. You can now filter further to show only LDAP transactions.
On Linux, you can also capture with tcpdump in a format Wireshark understands, as below:
tcpdump -i <interface> -s 65535 -w <some-file> dst host <destination_ip>
tcpdump -i eth0 -s 65535 -w tcmpdump.txt
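
The filter and decode steps above can also be done offline on a file written by tcpdump -w. The following is an added example, not part of the original procedure: it selects TCP segments sent to the LDAP port and decodes the LDAPMessage envelope (message ID and operation). It assumes a classic pcap file with Ethernet/IPv4 framing and one LDAP message starting at each segment (no TCP reassembly); the function names and the sample capture are constructed for illustration.

```python
import struct

LDAP_OPS = {0: "bindRequest", 2: "unbindRequest", 3: "searchRequest", 6: "modifyRequest"}

def ber_len(buf, i):
    """Return (length, index after the length field) for a BER length at buf[i]."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def ldap_summary(payload):
    """Decode the LDAPMessage envelope; return (messageID, op name) or None."""
    try:
        _, i = ber_len(payload, 1)             # skip SEQUENCE length
        n, j = ber_len(payload, i + 1)         # messageID length
        tag = payload[j + n]                   # protocolOp tag
    except IndexError:                         # empty or truncated segment
        return None
    if payload[0] != 0x30 or payload[i] != 0x02 or tag & 0xC0 != 0x40:
        return None                            # not SEQUENCE / INTEGER / APPLICATION
    return int.from_bytes(payload[j:j + n], "big"), LDAP_OPS.get(tag & 0x1F, f"op{tag & 0x1F}")

def ldap_requests(pcap, port):
    """List LDAP summaries for TCP segments sent to `port` (classic pcap, Ethernet/IPv4)."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off, out = 24, []                          # 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 over Ethernet, or not TCP
        tcp = 14 + (frame[14] & 0x0F) * 4      # start of TCP header
        dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
        summary = ldap_summary(frame[tcp + (frame[tcp + 12] >> 4) * 4:])
        if dport == port and summary:
            out.append(summary)
    return out

def _frame(dport, payload):                    # constructed Ethernet+IPv4+TCP frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

# Constructed sample capture: anonymous bind, bare ACK, unbind, unrelated traffic.
BIND, UNBIND = bytes.fromhex("300c020101600702010304008000"), bytes.fromhex("30050201034200")
FRAMES = [_frame(3087, BIND), _frame(3087, b""), _frame(3087, UNBIND), _frame(443, b"\x16\x03\x01")]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)
```

To use it on a real capture, pass the file's bytes and the LDAP port, e.g. ldap_requests(open("<some-file>", "rb").read(), 3087).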