WireShark filters

ip.addr

Lists packets with IP address of specified value

ip.dst

Lists packets with destination IP address of specified value

ip.src

Lists packets with source address IP of specified value

tcp.port

Lists packets with TCP ports of specified value

udp.port

Lists packets with UDP ports of specified value

http.request

Filters all HTTP GET and POST requests

http.response

Shows the responses to the HTTP requests, including the response codes

dns

Sets a filter to display all packets that contain DNS data

tcp contains

Displays all TCP packets that contain a string matching whatever is defined as

ip.addr == 10.0.0.1

Show any packet with Specific IP (example 10.0.01)

tcp.port==22

how any TCP packet with Specific Port (example port 22)

Class A

ip.addr == 10.0.0.0/8

Class B

ip.addr == 10.10.0.0/16

Class C

ip.addr == 10.10.10.0/24

Show packets to and from any address in a subnet

tcp.dstport == 80

Show all protocol traffic (example HTTP port 80)

tcp.port == 80 and ip.addr == 10.0.0.1

Show specific traffic to/from specific IP address (HTTP on example 10.0.0.1 )

http.request.method == “POST”

Filter for HTTP POST Requests

http.request.method == “GET”

Filter for HTTP GET Requests

http.response.code == 200

Show specific response request (example 200)

frame contains traffic

Show all packets that contain the word ‘traffic’