Frequently used Wireshark Filters

This will be a living document in which I will document the Wireshark filters that I use most often.  For those new to Wireshark, a filter is used to limit the number of displayed packets to help narrow down and more efficiently troubleshoot network issues by looking on only relevant packets.

I will use THIS capture as an example in all filters documented.  You can download this packet capture and test the below filters yourself in Wireshark.  This capture includes:  visiting three websites and SMB (Windows file transfer over network) from one computer to another on the same network.

Single filters:

!(ipv6.version == 6) – exclude all IPv6 packets
– assuming you are troubleshooting IPv4 issues

ip – include only IPv4 packets

!(udp) – exclude all UDP packets


ip.src == – include only packets with source IP

ip.dst== – include only packets with destination IP

ip.addr == – include only packets with source OR destination IP

ip.addr == – include only local LAN packets, assuming local network is

Now we can combine some of the above as follows:

eth.dst == ff:ff:ff:ff:ff:ff && ip.src == – include all broadcasts sent by source address

ip.addr == && dns – include all DNS queries sent or received by

!(ipv6.version == 6) || !(udp) || eth.dst == ff:ff:ff:ff:ff:ff – exclude all IPv6, UDP and Broadcast packets

How do we come up with these complicated looking filters in the first place?

That’s easy.

Simply right-click on the parameter you are interesting in including or excluding, then “Apply as Filter” and then choose one of the various logic based options.  In the below example, we want to exclude all IPv6 packets, hence we chose the ‘Not Selected’ option, which populated our filter with the parameter:
!(ipv6.version == 6)

As you can see, the first screenshot has numerous IPv6 packets, and once the filter is applied, all IPv6 addresses are excluded (second screenshot).  All of the above examples were created using the same right-click menu, with some minor modifications.

The best part is that the right-click method can be used with almost all parameters of the packet, so the options for filtering packets are virtually limitless.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: