Skip to content
Wireshark Cheat Sheet
Display Filters
Operator Description Example eq or == Equal ip.dest == 192.168.1.1 ne or != Not equal ip.dest != 192.168.1.1 gt or > Greater than frame.len > 10 it or < less than frame.len < 10 ge or >= Greater than or equal frame.len >= 10 le or <= Less than or equal frame.len <= 10
Filtering Commands
Usage Filter Syntax Wireshark Filter by IP ip.add == 192.168.1.1 Filter by Destination IP ip.dest == 192.168.1.1 Filter by Source IP ip.src == 192.168.1.1 Filter by IP range ip.addr >= 192.168.1.1 and ip.addr <=192.168.1.123 Filter by Multiple Ips ip.addr == 192.168.1.1 and ip.addr == 192.168.1.123 Filter out IP adress ! (ip.addr == 192.168.1.1) Filter subnet ip.addr == 192.168.1.1/24 Filter by port tcp.port == 80 Filter by destination port tcp.dstport == 80 Filter by ip adress and port ip.addr == 192.168.1.1 and Tcp.port == 80 Filter by URL http.host == “name” Filter by time stamp frame.time >= “Dec 24, 2025 12:00:00” Filter SYN flag Tcp.flags.syn == 1 and tcp.flags.ack ==0 Wireshark Beacon Filter wlan.fc.type_subtype = 0x08 Wireshark broadcast filter eth.dst == ff:ff:ff:ff:ff:ff Wireshark multicast filter (eth.dst[0] & 1) Host name filter ip.host = hostname MAC address filter eth.addr == xx:xx:xx:xx:xx:xx RST flag filter tcp.flag.reset == 1
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Accept Privacy Policy
