Filters

Filter packets by IP

ip.addr==<ip>

Filter packets sent from a specific address

ip.src==<ip>

Specify destination IP

ip.dst==<ip>

Filter traffic by request method

http.request.method == POST

Filter ARP traffic

arp

Filter HTTP traffic

http

Filter ICMP traffic

icmp

Filter HTTP or DNS traffic

http or dns

Filter HTTP or DNS traffic coming from specific address

ip.addr==<ip> and (dns or http)

Don't capture HTTP traffic from a specific IP

http and ip.src!=<ip>

Filter traffic from specific tcp port

tcp.port==<port>

Filter traffic from specific udp port

udp.port==<port>

Capture packets with SYN flag enabled

tcp.flags.syn==1

Capture packets with SYN and ACK

tcp.flags.syn==1 and tcp.flags.ack==1

Capture packets with SYN and ACK inside a subnet

tcp.flags.syn==1 and tcp.flags.ack==1 and ip.addr==192.168.1.0/24

Filter packets by string

tcp contains "string"

Last updated 3 years ago

Was this helpful?