{"id":138289,"date":"2025-04-15T15:24:10","date_gmt":"2025-04-15T09:54:10","guid":{"rendered":"https:\/\/www.vskills.in\/certification\/tutorial\/?page_id=138289"},"modified":"2025-04-15T15:24:11","modified_gmt":"2025-04-15T09:54:11","slug":"capture-filters","status":"publish","type":"page","link":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/","title":{"rendered":"Capture Filters"},"content":{"rendered":"\n

Capture filters are a powerful feature in Wireshark that allow you to specify exactly which network traffic should be captured and stored. Unlike display filters, which are applied to data after<\/em> it has been captured, capture filters operate at the level of the packet capture engine, preventing unwanted traffic from even being recorded. Using effective capture filters is crucial for optimizing performance, conserving disk space, and focusing your analysis on the relevant data.<\/p>\n\n\n\n

Syntax and Structure<\/strong><\/h2>\n\n\n\n

Capture filters are based on a Berkeley Packet Filter (BPF) syntax. While the full BPF syntax can be quite complex, Wireshark provides a user-friendly way to create common filters using keywords and operators. Here are some fundamental concepts:<\/p>\n\n\n\n

    \n
  • Primitives:<\/strong> These are basic expressions that specify a particular attribute of a packet. Common primitives include:\n
      \n
    • host <hostname> or <ip><\/code>: Matches traffic to or from the specified host.<\/li>\n\n\n\n
    • net <network> or <ip>\/<mask><\/code>: Matches traffic within the specified network.<\/li>\n\n\n\n
    • port <port><\/code>: Matches traffic using the specified TCP or UDP port.<\/li>\n\n\n\n
    • src <hostname> or <ip><\/code>: Matches traffic originating from the specified host.<\/li>\n\n\n\n
    • dst <hostname> or <ip><\/code>: Matches traffic destined for the specified host.<\/li>\n\n\n\n
    • src port <port><\/code>: Matches traffic originating from the specified port.<\/li>\n\n\n\n
    • dst port <port><\/code>: Matches traffic destined for the specified port.<\/li>\n\n\n\n
    • proto <protocol><\/code>: Matches traffic of the specified protocol (e.g., tcp<\/code>, udp<\/code>, icmp<\/code>, arp<\/code>).<\/li>\n\n\n\n
    • ether src <mac><\/code>: Matches traffic originating from the specified MAC address.<\/li>\n\n\n\n
    • ether dst <mac><\/code>: Matches traffic destined for the specified MAC address.<\/li>\n\n\n\n
    • vlan <vlan_id><\/code>: Matches traffic belonging to the specified VLAN.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
    • Operators:<\/strong> These combine primitives to create more complex filters:\n
        \n
      • and<\/code> or &&<\/code>: Both conditions must be true.<\/li>\n\n\n\n
      • or<\/code> or ||<\/code>: At least one of the conditions must be true.<\/li>\n\n\n\n
      • not<\/code> or !<\/code>: Negates the following condition.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
      • Parentheses:<\/strong> Used to group expressions and control the order of evaluation.<\/li>\n<\/ul>\n\n\n\n

        Common Capture Filter Examples<\/strong><\/h2>\n\n\n\n
          \n
        • Capture traffic to or from a specific IP address:<\/strong> host 192.168.1.100<\/code><\/li>\n\n\n\n
        • Capture traffic within a specific network range:<\/strong> net 192.168.1.0\/24<\/code><\/li>\n\n\n\n
        • Capture traffic on a specific TCP port (e.g., HTTP on port 80):<\/strong> tcp port 80<\/code><\/li>\n\n\n\n
        • Capture traffic on a specific UDP port (e.g., DNS on port 53):<\/strong> udp port 53<\/code><\/li>\n\n\n\n
        • Capture ICMP traffic (used by ping):<\/strong> icmp<\/code><\/li>\n\n\n\n
        • Capture traffic between two specific hosts:<\/strong> host 192.168.1.10 and host 10.0.0.5<\/code><\/li>\n\n\n\n
        • Capture HTTP or HTTPS traffic:<\/strong> tcp port 80 or tcp port 443<\/code><\/li>\n\n\n\n
        • Capture all traffic except to a specific host:<\/strong> not host 192.168.1.1<\/code><\/li>\n\n\n\n
        • Capture traffic from a specific MAC address:<\/strong> ether src 00:11:22:<\/code><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

          Capture filters are a powerful feature in Wireshark that allow you to specify exactly which network traffic should be captured and stored. Unlike display filters, which are applied to data after it has been captured, capture filters operate at the level of the packet capture engine, preventing unwanted traffic from even being recorded. Using effective…<\/p>\n","protected":false},"author":16,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-138289","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nCapture Filters - Tutorial<\/title>\n<meta name=\"description\" content=\"Understand wireshark more accurately by exploring and understanding the types and examples of Capture Filters Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Capture Filters - Tutorial\" \/>\n<meta property=\"og:description\" content=\"Understand wireshark more accurately by exploring and understanding the types and examples of Capture Filters Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/\" \/>\n<meta property=\"og:site_name\" content=\"Tutorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vskills.in\/\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-15T09:54:11+00:00\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/\",\"name\":\"Capture Filters - Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\"},\"datePublished\":\"2025-04-15T09:54:10+00:00\",\"dateModified\":\"2025-04-15T09:54:11+00:00\",\"description\":\"Understand wireshark more accurately by exploring and understanding the types and examples of Capture Filters Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Capture Filters\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"name\":\"Tutorial\",\"description\":\"Vskills - A initiative in elearning and certification\",\"publisher\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\",\"name\":\"Vskills\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"contentUrl\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"width\":73,\"height\":55,\"caption\":\"Vskills\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/vskills.in\/\",\"https:\/\/x.com\/vskills_in\",\"https:\/\/www.linkedin.com\/company-beta\/1371554\/\",\"https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Capture Filters - Tutorial","description":"Understand wireshark more accurately by exploring and understanding the types and examples of Capture Filters Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/","og_locale":"en_US","og_type":"article","og_title":"Capture Filters - Tutorial","og_description":"Understand wireshark more accurately by exploring and understanding the types and examples of Capture Filters Now!","og_url":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/","og_site_name":"Tutorial","article_publisher":"https:\/\/www.facebook.com\/vskills.in\/","article_modified_time":"2025-04-15T09:54:11+00:00","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/","name":"Capture Filters - Tutorial","isPartOf":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website"},"datePublished":"2025-04-15T09:54:10+00:00","dateModified":"2025-04-15T09:54:11+00:00","description":"Understand wireshark more accurately by exploring and understanding the types and examples of Capture Filters Now!","breadcrumb":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/capture-filters\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vskills.in\/certification\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Capture Filters"}]},{"@type":"WebSite","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","name":"Tutorial","description":"Vskills - A initiative in elearning and certification","publisher":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization","name":"Vskills","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","contentUrl":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","width":73,"height":55,"caption":"Vskills"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vskills.in\/","https:\/\/x.com\/vskills_in","https:\/\/www.linkedin.com\/company-beta\/1371554\/","https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw"]}]}},"_links":{"self":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/138289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/comments?post=138289"}],"version-history":[{"count":2,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/138289\/revisions"}],"predecessor-version":[{"id":138303,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/138289\/revisions\/138303"}],"wp:attachment":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/media?parent=138289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/categories?post=138289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/tags?post=138289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}