Download WireShark (64bit version) from
Install it on the DualShield server (follow its user guide).
Run it as Administrator

Use the capture filter "tcp port 389", as we only care about the LDAP traffic on port 389.

Press "Enter" key to start the capture.
Alternatively, You can add the filter into template with  Capture | Capture Filters...

Click + button to add a new one

(double click the fields to change their values)
You can see the current options, Capture | Options...

If everything is set correctly, click "Start" button to start the capture.
You should see live LDAP traffic captured in Wireshark.

To stop the capture, click the stop button on the toolbar: 


or select from the menu:

Finally, you can save the capture into a file.