Ethereal can do what you ask. Start it up and let it go for a bit, until 
your testing is done. Once you end the sniffing session, you can click on 
any TCP packet, and then view the entire conversation between the two hosts 
(source, destination). I've done it, though I don't remember the exact 
steps offhand.

Dave

At 09:31 PM 4/2/01 -0500, you wrote:
>I am working on LDAP using TLS and I want to sniff my network to make 
>absolutely
>sure nothing is every exchanged with the ldap server in clear text.
>
>I have tried several tools, each seems to have a strength, but none of 
>them are
>"simple". The tools I have used are tcpdump, snoop, sniffit, ethereal.
>
>I just want to sniff all traffic between hostA and hostB on port 389 and 636,
>which tool is best for this simple task?
>
>I'd like to see it like hostA tries to connect on port 389 with SSL.
>Then hostB responds to use port 636.
>etc..
>
>The communication exchange...
>
>--
>Bob Tanner <tanner at real-time.com>       | Phone : (952)943-8700
>http://www.mn-linux.org                 | Fax   : (952)943-8500
>Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
>
>_______________________________________________
>tclug-list mailing list
>tclug-list at mn-linux.org
>https://mailman.mn-linux.org/mailman/listinfo/tclug-list

"...[W]e preach Christ crucified: a stumbling block to Jews and
foolishness to Gentiles, but to those whom God has called, both Jews
and Greeks, Christ the power of God and the wisdom of God."
(1 Cor 1:23-24)