How do I filter SQL Server traffic between app and DB servers using Wireshark?

Question

I\'m trying to identify the source of some ill-timed connection resets. I\'m trying to use Wireshark to capture the traffic that goes between the application server and data

Answer 1

Wireshark has display filters and capture filters. The capture filter captures only certain packets, resulting in a small capture file. Capture filters are set in Capture Options (ctrl-K). An example to capture SQL Server traffic would be:

host  and port 

A display filter is set in the toolbar. A display filter does not reduce the size of the capture. You can change a display filter while the capture is running. An example display filter:

 ip.addr ==  && tcp.port == 

The default SQL Server port is 1433.