Skip to content
Study Notes(Edit)
Resources
Networks
CAB201
Binary Calculator
Color Palette Finder
Database Management
Share
Explore

Wireshark Filter Guide for Network Protocol Analysis

This guide provides an overview of general and specific filters for common network protocols such as HTTP, DNS, ICMP, and FTP. Use these filters during network analysis to isolate specific traffic types or packet attributes.

1. General Filters

Table 1
Protocol
Description
Filter
HTTP Traffic
Captures all HTTP traffic (requests and responses)
http
DNS Traffic
Captures all DNS traffic (queries and responses)
dns
ICMP Traffic
Captures all ICMP traffic (ping requests and replies)
icmp
FTP Traffic
Captures all FTP traffic, including commands and file transfers
ftp
TCP Traffic
Captures all TCP traffic
tcp
UDP Traffic
Captures all UDP traffic
udp
TLS/SSL Traffic
Captures all TLS/SSL encrypted traffic
tls
There are no rows in this table

For FTP
FTP
Type
Tag

Username
User
request.args
Password
Pass
request.args
Storage or Upload
STOR
request.args
Transfer complete
226 Transfer complete

There are no rows in this table

2. Specific Filters

Table 2
TCP SYN Packets
Captures TCP packets with the SYN flag set (connection initiation)
tcp.flags.syn==1 && !tcp.flags.ack
TCP SYN-ACK Packets
Captures SYN-ACK packets (response from the server)
tcp.flags.syn==1 && tcp.flags.ack==1
There are no rows in this table

3. Port-Specific Filters

Table 3
There are no rows in this table

4. IP Address-Specific Filters

Table 4
There are no rows in this table

5. Excluding Traffic

Table 5
There are no rows in this table

6. Combination Filters (Examples)

Table 6
There are no rows in this table

Best Practices:

Use Multiple Filters: Combine filters for more refined searches. For example, to capture DNS traffic from a specific source IP, you can use:
Filter: dns && ip.src==192.168.1.1
Follow Streams: For protocols like HTTP or FTP, right-click on a TCP packet and select "Follow → TCP Stream" to view the entire conversation between the client and server.
Save Filters: Save commonly used filters for quick access later in Wireshark’s filter bar.
Want to print your doc?
This is not the way.
Try clicking the ··· in the right corner or using a keyboard shortcut (
CtrlP
) instead.