Packet Analysis Using Wireshark

Display Filter Comparison Operator

A typical display filter expression consists of a field name, a comparison operator, and a value.

Value Type

The last element in the expression is the value, which is what you want to match in relation to the comparison operator. Values come in different types, which are shown in the following table:

Display Filter Logic Operators

We can create a filter expression that only shows packets using the IP protocol by simply stating the protocol name:

Display Filter Expressions

We can combine a previous expression with another expression to make a compound expression. This will match any packets sourced from 192.168.1.155 that are not destined for port 80:
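To make the pieces concrete, here is an added example (not code from the original article and not Wireshark's own implementation): a simplified Python model of how a display filter built from field names, comparison operators, values, `&&` and `!` is evaluated. The packet dictionaries, the `matches` and `select` helpers and the destination address are constructed for illustration; the one behaviour it models deliberately is that a comparison against a field a packet does not carry evaluates to false.

```python
import re, operator
# Simplified model of display-filter evaluation; an illustration, not Wireshark's code.
ALIASES = {"and": "&&", "not": "!", "eq": "==", "ne": "!=",
           "gt": ">", "lt": "<", "ge": ">=", "le": "<="}
OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}

def tokenize(text):
    return [ALIASES.get(t, t) for t in re.findall(r"&&|==|!=|>=|<=|[!()<>]|[\w.]+", text)]

def matches(filter_text, packet):
    """True if packet (dict: field name -> value) passes the filter."""
    toks = tokenize(filter_text)
    def primary():
        tok = toks.pop(0)
        if tok == "!":                       # negation of the next test
            return not primary()
        if tok == "(":
            result = conjunction()
            toks.pop(0)                      # closing ")"
            return result
        if toks and toks[0] in OPS:          # field name, operator, value
            op, raw = toks.pop(0), toks.pop(0)
            if tok not in packet:            # absent field: comparison is false
                return False
            have = packet[tok]
            return OPS[op](have, int(raw) if isinstance(have, int) else raw)
        return tok in packet                 # bare name: protocol or field present

    def conjunction():
        result = primary()
        while toks and toks[0] == "&&":
            toks.pop(0)
            rhs = primary()                  # always parse the right-hand side
            result = result and rhs
        return result
    return conjunction()

# Constructed sample packets; 198.51.100.7 is a documentation address.
PACKETS = [
    {"ip": True, "ip.src": "192.168.1.155", "ip.dst": "198.51.100.7", "tcp.dstport": 80},
    {"ip": True, "ip.src": "192.168.1.155", "ip.dst": "198.51.100.7", "tcp.dstport": 443},
    {"ip": True, "ip.src": "192.168.1.155", "ip.dst": "198.51.100.7", "udp.dstport": 53},
    {"ip": True, "ip.src": "192.168.1.20", "ip.dst": "198.51.100.7", "tcp.dstport": 443},
    {"arp": True},
]

def select(filter_text):
    return [i for i, p in enumerate(PACKETS) if matches(filter_text, p)]
```

With these packets, `ip.src == 192.168.1.155 && !(tcp.dstport == 80)` keeps the UDP packet as well as the port 443 one, while `ip.src == 192.168.1.155 && tcp.dstport != 80` keeps only the port 443 packet, because the UDP packet has no `tcp.dstport` field to compare.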
