Display Filters

Question 1

Host - IP Address

Answer 1

ip.addr == 10.0.0.1

Question 2

Source IP Address of Host

Answer 2

ip.src == 10.0.0.3

Question 3

Destination Address of Host

Answer 3

ip.dst == 10.0.0.5

Question 4

TCP Port

Answer 4

tcp. port==443

tcp. port eq 80

Question 5

To display all TCP resets

Answer 5

tcp.flags.reset==1

Question 6

Displays all TCP packets that contain a certain term

Answer 6

tcp contains xxx

tcp contains 00:00:01

Question 7

Display to filters all HTTP GET and POST requests

Show the most accessed webpages.

Answer 7

http.request

Question 8

To filter out certain types of protocols

ARP+DNS+ICMP

Answer 8

!(arp or icmp or dns)

Question 9

Indicates which DNS requests was not correctly resolved.

Answer 9

dns.flags.rcode != 0

Question 10

Network IP Address Filter (Source)

Answer 10

ip.src==192.168.0.0/16

Question 11

Network IP Address Filter (Dest)

Answer 11

ip.dst==192.168.0.0/16

Question 12

TCP buffer full

Source is instructing Destination to stop sending data

Answer 12

tcp.window_size == 0 && tcp.flags.reset != 1

Question 13

GT / LT / GE / LE

Answer 13

frame. len > 10
frame. len < 128
frame. len ge 0x100
frame. len le 0x20

Question 14

Membership Operator (in)

Answer 14

tcp. port in {80 443 8080}

tcp. port in {443 4430..4434}

Question 15

First Three Connection Establishment Packet

Answer 15

tcp.flags.syn==1 or (tcp.seq==1 and tcp.ack==1 and tcp.len==0 and tcp.analysis.initial_rtt)

Question 16

TCP buffer full

Source is instructing Destination to stop sending data

Answer 16

tcp.window_size == 0 && tcp.flags.reset != 1