I found this YouTube video very useful to learn some of the most common Wireshark filters.
- tcp.port == 443
- dns or http
- ip.addr
- ip.src
- ip.dst
- tcp.analysis.flags
- !(arp or dns or icmp)
- tcp contains "facebook"
- dns contains "facebook"
- http.request
- http.response
- http.response.code == 200
- tcp.flags.syn == 1 [useful to identify a SYN attack]
- tcp.flags.reset == 1
- sip && rtp