Packet Analysis Using Wireshark

Display Filter Comparison Operator

A typical display filter expression consists of a field name, a comparison operator, and a value.

Value Type

The last element in the expression is the value, which is what you want to match in relation to the comparison operator. Values come in different types, which are shown in the following table:

Display Filter Logic Operators

We can create a filter expression that only shows packets using the IP protocol by simply stating the protocol name:

Display Filter Expressions

We can combine a previous expression with another expression to make a compound expression. This will match any packets sourced from that are not destined for port 80:
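The following is an added example, not code from the original page or from Wireshark: a simplified Python model of how field/operator/value expressions, bare protocol names and the logic operators combine, run over constructed packets. It shows why `not tcp.dstport == 80` and `tcp.dstport != 80` select different packets, since a comparison on a field the packet does not carry is false. Assumptions: the address 192.0.2.10, the sample packets, the helper names `matches` and `select`, and the precedence not > and > or are all chosen for this illustration.

```python
import operator
import re
from ipaddress import ip_address as ip

# Symbolic comparison operators and their English aliases.
COMPARE = {"==": operator.eq, "eq": operator.eq, "!=": operator.ne, "ne": operator.ne,
           ">": operator.gt, "gt": operator.gt, "<": operator.lt, "lt": operator.lt,
           ">=": operator.ge, "ge": operator.ge, "<=": operator.le, "le": operator.le}
TOKEN = re.compile(r"\(|\)|&&|\|\||[=!<>]=|[<>!]|[\w.:]+")

def matches(expr, pkt):
    """Evaluate a filter expression against one packet (dict: field name -> value)."""
    toks = TOKEN.findall(expr)[::-1]  # reversed, so pop() yields the next token
    peek = lambda: toks[-1] if toks else None
    def primary():
        tok = toks.pop()
        if tok in ("not", "!"):
            return not primary()
        if tok == "(":
            val = either()
            toks.pop()  # the closing ")"
            return val
        if peek() in COMPARE:
            op, raw = COMPARE[toks.pop()], toks.pop()
            want = int(raw, 0) if raw.isalnum() else ip(raw)  # integer or IP value
            # A comparison on a field the packet lacks is false, whatever the operator.
            return tok in pkt and op(pkt[tok], want)
        # Bare name: true when that protocol or field is present in the packet.
        return any(f == tok or f.startswith(tok + ".") for f in pkt)
    def chain(operand, words, combine):
        val = operand()
        while peek() in words:
            toks.pop()
            val = combine(operand(), val)
        return val
    both = lambda: chain(primary, ("and", "&&"), operator.and_)  # binds tighter
    either = lambda: chain(both, ("or", "||"), operator.or_)
    return either()

# Constructed sample packets (documentation addresses), reduced to a few fields.
PACKETS = [
    {"ip.src": ip("192.0.2.10"), "tcp.dstport": 80},
    {"ip.src": ip("192.0.2.10"), "tcp.dstport": 443},
    {"ip.src": ip("192.0.2.10"), "udp.dstport": 53},
    {"ip.src": ip("203.0.113.7"), "tcp.dstport": 443},
    {"arp.opcode": 1},
]

def select(expr):
    return [i for i, p in enumerate(PACKETS) if matches(expr, p)]
```

With these packets, `select("ip.src == 192.0.2.10 and not tcp.dstport == 80")` keeps the UDP packet (index 2) as well as the port-443 TCP packet, while the `!=` form drops it. When triaging a capture, pick the form that matches what you intend to exclude.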



