🟢Filters
Filter packets by IP
ip.addr==<ip>
Filter packets sent from a specific address
ip.src==<ip>
Specify destination IP
ip.dst==<ip>
Filter HTTP traffic by request method
http.request.method == POST
Filter ARP traffic
arp
Filter HTTP traffic
http
Filter ICMP traffic
icmp
Filter HTTP or DNS traffic
http or dns
Filter HTTP or DNS traffic to or from a specific address
ip.addr==<ip> and (dns or http)
Show HTTP traffic, excluding packets sent from a specific IP
http and ip.src!=<ip>
Filter traffic to or from a specific TCP port
tcp.port==<port>
Filter traffic to or from a specific UDP port
udp.port==<port>
Show packets with the SYN flag set
tcp.flags.syn==1
Show packets with both SYN and ACK set
tcp.flags.syn==1 and tcp.flags.ack==1
Show packets with both SYN and ACK set, to or from a subnet
tcp.flags.syn==1 and tcp.flags.ack==1 and ip.addr==192.168.1.0/24
Filter TCP packets that contain a string
tcp contains "string"