Wireshark Filters

http.host matches [a-zA-Z0-9._%+-]
[0-9]{1,2}.[0-9]{1,3}.[0-9]{1,2}.[0-9]{1,3} 

Show only SMTP (port 25) and ICMP traffic:

  • tcp.port eq 25 or icmp

Show only traffic in the LAN (192.168.x.x), between workstations and servers — no Internet:

  • ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16