Evil_TTL> show | s

Wireshark

Category:Tools -> Diagnostics

Some most frequently used regular expressions for Wireshark:

ip.addr == <IP address// filter by IP address

eth.addr == xx:xx:xx:xx:xx:xx // filter by mac address

eth.addr[0:3]==00:06:5B // limit by manufacturer, e.g. DELL

bootp.option.type == 53 // show all DHCP packets

tcp.port eq <port #> // filter by TCP port #

udp.port // filter by UDP port

ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16 // show all LAN traffic

icmp // show all ICMP traffic

arp // show all ARP requests 

Filtering DSCP:

ip.dsfield.dscp==<decimal value

DSCP_Values.jpg

E.g. to filter EF traffic:

ip.dsfield.dscp==46 
By privilege15