Top 10 Wireshark Filters

I found this YouTube video very useful for learning some of the most common Wireshark filters.

  • tcp.port == 443
  • dns or http
  • ip.addr
  • ip.src
  • ip.dst
  • tcp.analysis.flags
  • !(arp or dns or icmp)
  • tcp contains "facebook"
  • dns contains "facebook"
  • http.request
  • http.response
  • http.response.code == 200
  • tcp.flags.syn == 1 [useful for identifying a SYN attack]
  • tcp.flags.reset == 1
  • sip && rtp