Display Filters
1. ip.addr == IP -> filters by the specified IP address, source or destination
2. ip.dst == IP_DST && ip.src == IP_SRC -> filters by the specified IP addresses in source and destination
3. http or dns -> shows all captured HTTP or DNS packets
4. tcp.port == PORT -> shows TCP packets whose source or destination port matches the specified one
5. tcp.flags.reset == 1 -> shows all TCP packets that have the RST flag set
6. tcp contains TERM -> shows TCP packets that contain the specified term
7. !(arp or icmp or dns or ssdp or udp) -> shows only packets that do not use the ARP, ICMP, DNS, SSDP or UDP protocols
8. tcp.port in {80 25} -> shows all packets whose source or destination TCP port is 80 or 25
9. !(tcp.port in {22 443}) -> shows all packets whose source or destination TCP port is not 22 or 443
Capture Filters
1. not arp -> capture all packet types except ARP
2. port 22 -> only capture packets whose source or destination port is 22, regardless of whether it is TCP or UDP traffic
3. tcp port 443 -> only capture TCP packets whose source or destination port is 443
4. not port 25 and not port 53 -> ignore all TCP or UDP packets whose port is 25 or 53
5. tcp src port 80 -> capture TCP packets whose source port is 80
6. tcp[tcpflags] == tcp-syn -> capture TCP packets with only the SYN flag set
7. tcp[tcpflags] == (tcp-syn + tcp-ack) -> capture TCP packets with only the SYN and ACK flags set
8. tcp[tcpflags] == tcp-rst -> capture TCP packets with only the RST flag set