Software >> Tools >> Network >> Wireshark >> What are some example filter expressions to select and display specific captured packets

Eg. 1  Select a specific TCP stream

expression: tcp.stream eq 25


Eg. 2 Select a set of source ip source port and destination ip destination prot

expression: tcp.dstport == 80 and ip.dst == 172.16.118.67 and tcp.srcport == 3635 and ip.src == 199.184.149.3

E.g. 3 Select http packets only

expression : http

E.g. 4  Select http packets where the host is www.example.com

expression : http.host == www.example.com

E.g. 5 Select packets with specific source IP

expression : ip.src == 111.65.46.169

E.g. 6  Select http packets with specific content e.g. GET request to specific URI

expression : http contains "GET /someuri"