This is a list of Wireless display filters for various functions. I am adding to it all the time.
Operators
| Operation | Operator |
| AND | && |
| OR | || |
| NOT | ! |
| Equals | == |
| Not Equals | != |
| Greater Than | > |
| Less Than | < |
| Less Than or Equal | <= |
| Greater Than or Equal | >= |
| Contains | contains |
| Description | Filter |
| Source MAC Address | eth.src == 00:00:00:00:00:00 |
| Destination MAC Address | eth.dst == 00:00:00:00:00:00 |
| Source or DestinationΒ MAC Address | eth.addr == 00:00:00:00:00:00 |
IP Address (Layer 3)
| Description | Filter |
| Source IP Address | ip.src == 192.168.0.1 |
| Destination IP Address | ip.dst == 192.168.0.1 |
| Source or Destination IP Address | ip.addr == 192.168.0.1 |
Port
| Description | Filter |
| UDP Source Port | udp.srcport == 53 |
| TCP Source Port | tcp.srcport == 53 |
| UDP Destination Port | udp.dstport == 53 |
| TCP Destination Port | tcp.dstport == 53 |
| UDP Source or Destination Port | udp.port == 53 |
| TCP Source or Destination Port | tcp.port == 53 |
Protocols
Filter for most standards and protocols just with the name, for example:
- arp
- dns
- dhcp
- http
- https
- lldp
- stp
- ip
- eth
- sip
- smb
Wireshark supports thousands of standard names.
DNS
| Description | Filter |
| DSCP Expeditated Forwarding | ip.dsfield.dscp == 46 |
| DSCP Assured Forwarding | ip.dsfield.dscp == 34 |
| DSCP CS3 | ip.dsfield.dscp == 24 |
| DSCP Best Effort | ip.dsfield.dscp == 0 |
| DSCP Scavenger | ip.dsfield.dscp == 8 |
Text Search
| Description | Filter |
| Text Search | frame contains "password" |
