This post is quite short, as its name is pretty self-explanatory. I'll use many of these filters in the next posts; this is just a place to keep them all. (Names and values are examples only.)
tcp.analysis.retransmission
tcp.analysis.duplicate_ack_frame
tcp.flags.reset == 1
dns.flags.rcode > 0
dns.a
dns.cname
dns.qry.name == "example.com"
dns.resp.name == "example.com"
dns.resp.name == "example.com" and dns.time > 0.01
http.response.code > 399
((tcp.time_delta > 0.3) and (tcp.flags.fin == 0)) and (tcp.flags.reset == 0)
tcp.flags.syn == 1
http.request.method == "GET" or http.request.method == "POST"
http.request or http.response
tcp.analysis.zero_window
tcp.time_delta > 0.3