Filters that I sometimes use.
tcp.flags.syn==1 && tcp.flags.ack==0
— Every time a TCP connection is initiated.
drda.sqlstatement
— Only show packets that include the text of an SQL query.
To get just a list of the SQL queries included in a .pcap file, run this at the command line:
tshark -2 -R 'drda.sqlstatement' -Tfields -e 'drda.sqlstatement' -r MY_FILE.pcap | perl -ple 's/^WITH HOLD ,//; s/[\r\n]*$/;\r\n\r\n/'
Incidental information: If you want to highlight just the "FROM" section of each SQL query, use this search within Vim:
/\vfrom.{-}( where| order)@=
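Added example (not part of the original notes): a Python post-processor for the one-statement-per-line output of the tshark command above. It groups statements by shape, with literals replaced by "?", so a query shape that appears only once in a capture stands out. The sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input (not from a real capture): one statement per line,
# in the shape the tshark command above prints for drda.sqlstatement.
SAMPLE_LINES = [
    "WITH HOLD ,SELECT NAME FROM STAFF WHERE ID = 10\r\n",
    "WITH HOLD ,SELECT NAME FROM STAFF WHERE ID = 20\r\n",
    "SELECT * FROM ORG WHERE LOCATION = 'Boston' ORDER BY DEPTNUMB\n",
    "select *  from org where location = 'Dallas' order by deptnumb\n",
    "\n",
    "UPDATE STAFF SET SALARY = 50000.00 WHERE NAME = 'O''Brien'\n",
]

STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")     # 'text', with '' as an escaped quote
NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")  # 10, 50000.00 (not the 1 in T1)


def clean(line):
    """Drop line endings and the leading 'WITH HOLD ,' that the perl step also strips."""
    line = line.rstrip("\r\n")
    if line.startswith("WITH HOLD ,"):
        line = line[len("WITH HOLD ,"):]
    return line.strip()


def fingerprint(statement):
    """Replace literals with '?' and normalise case and spacing."""
    shape = STRING_LITERAL.sub("?", statement)
    shape = NUMBER_LITERAL.sub("?", shape)
    return " ".join(shape.upper().split())


def summarize(lines):
    """Return [(fingerprint, count), ...], most frequent first."""
    counts = Counter()
    for line in lines:
        statement = clean(line)
        if statement:  # skip blank lines
            counts[fingerprint(statement)] += 1
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for shape, count in summarize(SAMPLE_LINES):
        print(f"{count:5d}  {shape}")
```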