
Top 10 Wireshark filters every cybersecurity professional should know

The top 10 Wireshark display filters every cybersecurity professional should know:

1. Filter by IP Address:
To show only traffic to or from a specific IP address, use the following display filter:
ip.addr == x.x.x.x

2. Filter by Port:
To show only traffic on a specific port, use the following filter (the # notes label each filter and are not typed into the filter bar):
tcp.port == 80 # for HTTP
udp.port == 53 # for DNS

3. Filter by Protocol:
To filter traffic by IP protocol number, use:
ip.proto == 6 # for TCP
ip.proto == 17 # for UDP

4. Filter by MAC Address:
To show only traffic to or from a specific MAC address, use:
eth.addr == xx:xx:xx:xx:xx:xx

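5. Filter by Host:
To find DNS queries for a specific hostname, use the following filter. It matches the DNS lookups for that name, not the traffic later exchanged with the host:
dns.qry.name == "example.com"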

6. Filter by HTTP Traffic:
To show only HTTP traffic, use:
http

7. Filter by ARP Traffic:
To show only ARP traffic, use:
arp

8. Filter by ICMP Traffic:
To show only ICMP (ping) traffic, use:
icmp

9. Filter by Packet Length:
To show packets of a specific length (in bytes), use:
frame.len == 1500

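10. Filter by Source and Destination:
To show traffic sent from one specific IP address to another, use the following filter. It matches one direction only (x.x.x.x as source, y.y.y.y as destination):
ip.src == x.x.x.x and ip.dst == y.y.y.y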
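
Which header fields filters 1, 2, 4 and 10 compare, and why ip.addr matches both directions while an ip.src/ip.dst pair matches one, shown as an added Python example (not from the original post). It dissects three constructed frames; the addresses, MAC addresses and helper names are assumptions made for the illustration.

```python
import socket
import struct

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame with a TCP or UDP header (checksums zero)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    if proto == 6:    # minimal 20-byte TCP header with SYN set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    else:             # 8-byte UDP header, no payload
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + l4

def dissect(frame):
    """Pull out the header fields that the display filters compare against."""
    f = {"frame.len": len(frame),
         "eth.dst": frame[0:6].hex(":"), "eth.src": frame[6:12].hex(":")}
    if frame[12:14] != b"\x08\x00":       # not IPv4: stop after Ethernet
        return f
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    f["ip.proto"] = frame[23]
    f["ip.src"] = socket.inet_ntoa(frame[26:30])
    f["ip.dst"] = socket.inet_ntoa(frame[30:34])
    name = {6: "tcp", 17: "udp"}.get(f["ip.proto"])
    if name:
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        f[name + ".srcport"], f[name + ".dstport"] = sport, dport
    return f

# Predicates mirroring the filters: *.addr and *.port match either direction.
def ip_addr(f, a): return a in (f.get("ip.src"), f.get("ip.dst"))
def eth_addr(f, m): return m in (f["eth.src"], f["eth.dst"])
def port(f, proto, p): return p in (f.get(proto + ".srcport"), f.get(proto + ".dstport"))
def src_dst(f, s, d): return f.get("ip.src") == s and f.get("ip.dst") == d

def select(frames, pred):
    """Return 1-based frame numbers (as in Wireshark's No. column) that match."""
    return [n for n, fr in enumerate(frames, 1) if pred(dissect(fr))]

C, S, R = "192.0.2.10", "198.51.100.5", "192.0.2.53"  # constructed sample addresses
MC, MG = "02:00:00:00:00:01", "02:00:00:00:00:02"     # constructed MACs
FRAMES = [build_frame(MC, MG, C, S, 6, 49152, 80),    # 1: client -> web server
          build_frame(MG, MC, S, C, 6, 80, 49152),    # 2: web server -> client
          build_frame(MC, MG, C, R, 17, 50000, 53)]   # 3: client -> resolver

if __name__ == "__main__":
    print("ip.addr == S      ", select(FRAMES, lambda f: ip_addr(f, S)))
    print("ip.src/ip.dst pair", select(FRAMES, lambda f: src_dst(f, C, S)))
```

To see both directions of a conversation with ip.src and ip.dst, the reverse pair has to be added with `or`.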


About the Author

I am a CS engineer who is interested in cyber security, Python programming and web development.
