Wireshark provides a wide range of filters that you can use to filter captured traffic based on specific criteria. These filters help you focus on specific protocols, IP addresses, ports, or other packet attributes. Here is a list of commonly used filters in Wireshark:
- Protocol Filters:
- tcp: Filters TCP packets.
- udp: Filters UDP packets.
- icmp: Filters ICMP packets.
- http: Filters HTTP traffic.
- dns: Filters DNS packets.
- ftp: Filters FTP traffic.
- ssh: Filters SSH packets.
- telnet: Filters Telnet traffic.
- arp: Filters ARP packets.
- dhcp: Filters DHCP traffic.
Example: Filter TCP packets:
tcp
Example: Filter HTTP traffic:
http
- IP Address Filters:
- ip.addr == X.X.X.X: Filters packets with a specific IP address.
- ip.src == X.X.X.X: Filters packets with a specific source IP address.
- ip.dst == X.X.X.X: Filters packets with a specific destination IP address.
- ip.host == X.X.X.X: Filters packets with a specific host IP address.
Example: Filter packets with a specific IP address:
ip.addr == 192.168.1.100
Example: Filter packets with a specific source IP address:
ip.src == 10.0.0.1
- Port Filters:
- tcp.port == XXXX: Filters packets with a specific TCP port number.
- udp.port == XXXX: Filters packets with a specific UDP port number.
- tcp.srcport == XXXX: Filters packets with a specific source TCP port.
- tcp.dstport == XXXX: Filters packets with a specific destination TCP port.
- udp.srcport == XXXX: Filters packets with a specific source UDP port.
- udp.dstport == XXXX: Filters packets with a specific destination UDP port.
Example: Filter packets with a specific TCP port number:
tcp.port == 80
Example: Filter packets with a specific source UDP port:
udp.srcport == 53
- MAC Address Filters:
- eth.addr == XX:XX:XX:XX:XX:XX: Filters packets with a specific MAC address.
- eth.src == XX:XX:XX:XX:XX:XX: Filters packets with a specific source MAC address.
- eth.dst == XX:XX:XX:XX:XX:XX: Filters packets with a specific destination MAC address.
Example: Filter packets with a specific MAC address:
eth.addr == 00:11:22:33:44:55
Example: Filter packets with a specific source MAC address:
eth.src == 00:11:22:33:44:55