LayerView: Filter Expressions.

Filter expressions allow you to specify group of packets which match a certain set of criteria. They are used by LayerView's packet filtering feature to hide packets which aren't of interest, and by packet colouring to change how different packets appear in the Low Level view.

Value from protocols can be combined using boolean logic to produce a flexible all-encompassing filter expression.

A comprehensive list of supported values can be found here. In general they are all in protocol-dot-value format, for example tcp.srcport or dns.opcode.

Note 1: To display only packets implementing a specific protocol, simply specify the name of the protocol. For example to show only TCP packets, enter tcp.

Note 2: If a packet does not implement a protocol mentioned in a filter expression, then that part of the filter expression is deemed to be false. For example icmp.type=8 would not match any TCP packets. The same applies to icmp.type!=8.

Examples

dns - shows only DNS packets

ipv4.srcaddr=192.168.0.1 - shows only packets with a source IPv4 address of 192.168.0.1

ipv4.srcaddr=192.168.0.1 or ipv4.dstaddr=192.168.0.1 - shows packets to or from IPv4 address 192.168.0.1

(ipv4.srcaddr=192.168.0.1 and tcp.srcport=80) or (ipv4.dstaddr=192.168.0.1 and tcp.dstport=80) - shows TCP packets to or from address 192.168.0.1, port 80.