dns.qry.name == “www.cordero.me”
dns.qry.name matches “.cordero.me”
dns.qry.name contains “cordero.me”
tcp.flags.reset == 1
tcp.flags.push == 1
tcp.flags.syn == 1
ip.addr == 172.16.200.1
ip.src == 172.16.200.1
ip.dst == 172.16.200.1
tcp.port eq 53
udp.port eq 53
| Traffic type | Capture filter(s) | Display filter(s) [wireshark] |
| RIPv2 | udp port 520 | udp.port==520 |
| EIGRP | ip proto eigrp | ip.proto==88 |
| OSPF | ip proto ospf | ip.proto==89 |
| LDP | udp port 646 or tcp port 646 | udp.port==646 or tcp.port==646 |
| PIM | ip proto pim | pim |
| IGMP | ip proto igmp | igmp |
| BGP | tcp port 179 | tcp.port==179 |
| ICMP | ip proto icmp | icmp |
Wireshark display filter operands
| and | && |
| or | or |
| = | == |
| protocol and port | ip.port== udp.port== tcp.port== |
| source or dest ip | ip.src== ip.dst== |