Evil_TTL> show | s

Wireshark

Some of the most frequently used Wireshark display filters (the text after // explains each one):

ip.addr == <IP address> // filter by IP address (matches source or destination)

eth.addr == xx:xx:xx:xx:xx:xx // filter by mac address

eth.addr[0:3]==00:06:5B // limit by manufacturer, e.g. DELL

bootp.option.type == 53 // show all DHCP packets (option 53 is DHCP Message Type; the field is named dhcp.option.type in Wireshark 3.0 and later)

tcp.port eq <port #> // filter by TCP port #

udp.port == <port #> // filter by UDP port #

ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16 // show all LAN traffic (both endpoints inside 192.168.0.0/16)

icmp // show all ICMP traffic

arp // show all ARP traffic (requests and replies)

Filtering DSCP:

ip.dsfield.dscp==<decimal value> // DSCP is the upper six bits of the IP DS field

[Image: DSCP_Values.jpg, a table of DSCP values]

E.g. to filter EF traffic:

ip.dsfield.dscp==46

Display filters for frames with the DF (Don't Fragment) bit set and for frames of a certain captured length:

ip.flags.df==1

frame.cap_len >= 1492 && frame.cap_len <= 1495 // frames whose captured length is between 1492 and 1495 bytes

By privilege15
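
To make the DSCP, DF-bit, OUI and captured-length fields concrete, here is an added example (not from the original page) that decodes a constructed Ethernet/IPv4/UDP frame with Python's standard library and exposes the same fields the filters above name (ip.dsfield.dscp, ip.flags.df, eth.addr[0:3], frame.cap_len), plus the DSCP code point names from the DSCP table; the frame bytes, MAC addresses and the dictionary key names are constructed for illustration.

```python
import struct

# DSCP code points as in the DSCP values table: CSx = 8*x, AFxy = 8*x + 2*y,
# EF = 46. Any other value is returned as a bare decimal string.
def dscp_name(dscp: int) -> str:
    if dscp == 46:
        return "EF"
    if dscp % 8 == 0:
        return f"CS{dscp // 8}"
    x, y = divmod(dscp, 8)
    if 1 <= x <= 4 and y in (2, 4, 6):
        return f"AF{x}{y // 2}"
    return str(dscp)

def decode_frame(raw: bytes) -> dict:
    """Return the header fields the filters above use, keyed by Wireshark-style names."""
    if len(raw) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    (ver_ihl, dsfield, _tot_len, _ident, flags_frag, _ttl, proto, _csum,
     ip_src, ip_dst) = struct.unpack("!BBHHHBBH4s4s", raw[14:34])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {
        "frame.cap_len": len(raw),          # bytes actually captured
        "eth.dst": mac(dst), "eth.src": mac(src),
        "eth.dst[0:3]": mac(dst[:3]),       # OUI prefix, as in eth.addr[0:3]
        "ip.dsfield": dsfield,
        "ip.dsfield.dscp": dsfield >> 2,    # upper six bits of the DS field
        "ip.dsfield.ecn": dsfield & 0x3,    # lower two bits
        "ip.flags.df": (flags_frag >> 14) & 1,  # bit 14 of flags/fragment word
        "ip.proto": proto,
        "ip.src": ip(ip_src), "ip.dst": ip(ip_dst),
    }

# Constructed sample frame: Dell-OUI destination (00:06:5b), DSCP EF (0xB8 = 46 << 2),
# DF set (0x4000), UDP 192.168.1.10:5060 -> 192.168.1.20:5060, headers only.
SAMPLE = (
    bytes.fromhex("00065b112233") + bytes.fromhex("aabbccddeeff") + b"\x08\x00"
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 28, 1, 0x4000, 64, 17, 0,
                  bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    + struct.pack("!HHHH", 5060, 5060, 8, 0)
)

def matches(fields: dict, name: str, value) -> bool:
    """Equivalent of 'name == value' in a display filter, over decoded fields."""
    return fields.get(name) == value

if __name__ == "__main__":
    f = decode_frame(SAMPLE)
    for name, value in [("eth.dst[0:3]", "00:06:5b"), ("ip.dsfield.dscp", 46), ("ip.flags.df", 1)]:
        print(f"{name} == {value!r}: {matches(f, name, value)}")
    print("DSCP name:", dscp_name(f["ip.dsfield.dscp"]))
```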