Networking

Essential Wireshark Display Filters: A Comprehensive Guide for Network Analysis

David L.

Jun 23, 2025 — 2 min read

Wireshark is a powerful open-source packet analyzer used to capture and inspect network traffic. But with large volumes of data, analysis can get overwhelming. This guide highlights essential Wireshark filters to help you troubleshoot faster, improve productivity, and better understand network behavior.

Here's Top Wireshark Display Filters You Need to Know

Filter	Description
`ip.addr == 10.0.0.0/24`	Display all traffic to and from any IP in the 10.0.0.0/24 subnet.
`ip.addr == 10.0.0.1`	Display all traffic to and from IP address 10.0.0.1.
`!(ip.addr == 10.0.0.1)`	Exclude all traffic to or from IP address 10.0.0.1.
`icmp.type == 3`	Show ICMP packets with type 3 (Destination Unreachable).
`tcp or udp`	Display all TCP or UDP traffic.
`tcp.port == 80`	Display TCP traffic on port 80.
`tcp.srcport < 1000`	Display TCP traffic with source ports below 1000.
`http or dns`	Display all HTTP or DNS traffic.
`tcp.flags.syn == 1`	Show TCP packets with the SYN flag set.
`tcp.flags == 0x012`	Show TCP packets with both SYN and ACK flags set.
`http.request.method == "GET"`	Display HTTP GET request packets.
`http.response.code == 404`	Show packets with HTTP 404 (Not Found) responses.
`http.host == "www.abc.com"`	Show HTTP traffic with Host header "www.abc.com".
`dns.resp.name == abc.com`	Display DNS responses where the name matches "abc.com".
`frame contains keyword`	Show packets that contain the word "keyword".
`frame.len > 1000`	Display packets larger than 1000 bytes in total length.
`dhcp and ip.addr == 10.0.0.0/24`	Show DHCP traffic within the 10.0.0.0/24 subnet.
`ip.src == 10.0.0.1 && ip.dst == 10.0.0.2`	Show traffic from 10.0.0.1 to 10.0.0.2 only.

Conclusion

Wireshark is a go-to tool for network administrators, used daily to analyze traffic for various purposes. In this article, we’ve highlighted key filters to streamline your analysis and make troubleshooting faster and more effective.

If you found this guide helpful, consider supporting me!

Stop Using Loops in JavaScript: 6 Smarter, Cleaner Alternatives You Should Know

Are you still writing old-school for or while loops in JavaScript? If so, you're not alone — but you're definitely missing out. JavaScript offers a suite of powerful array methods that are more readable, concise, and often more efficient. Not only do these methods make your code

Looking for a Jira or ClickUp Alternative? Try This Budget-Friendly Project Management Tool

Let’s face it, choosing a project management tool isn’t always fun. With so many platforms out there, all promising to make your life easier, it’s easy to feel overwhelmed. ClickUp, Jira, Asana... the list goes on. But once you dive in, it’s not long before you&

How to Self‑Host Plane (Commercial Edition) on Ubuntu: A Complete Guide

You can find the official self-hosting guide for Plane at: https://developers.plane.so/self-hosting/ Prerequisites: * A fresh machine (virtual or on-prem) * Minimum system requirements: * 2 vCPUs * 4 GB RAM * Supported CPU architectures: * x64 (AMD64) * AArch64 (ARM64) * Supported OS: * Ubuntu 🔐 Step 1: SSH into Your Server SSH into your machine

How to Set Up Prometheus, InfluxDB, and Grafana for Full-Stack Monitoring with Docker

Monitoring your infrastructure is critical to keeping systems healthy, optimizing performance, and planning for growth. In this guide, you’ll learn how to set up a powerful monitoring stack using Prometheus and InfluxDB to collect and store metrics, and Grafana to visualize them. To demonstrate how data collection works, we’