This post is quite short as the name of it is pretty self-explanatory. Many of these filters I’ll use the next posts. This is just a place for all the filters. (names and values are only an example)
tcp.analysis.retransmission
tcp.analysis.duplicate_ack_frame
tcp.flags.reset == 1
dns.flags.rcode > 0
dns.a
dns.cname
dns.qry.name == example.com
dns.resp.name == example.com
dns.resp.name == example.com and dns.time > 0.01
http.response.code > 399
((tcp.time_delta >.3) and (tcp.flags.fin == 0)) and (tcp.flags.reset==0)
tcp.flags.syn == 1
http.request.method == "GET" or http.request.method == "POST"
http.request or http.response
tcp.analysis.zero_window
tcp.time_delta > 0.3
