Filtering by MAC address in Wireshark is very useful, this is how you may show all network packets from a certain device.
This is shown below, this is a simple filter.
wlan.sa == e0:b9:e5:6e:d3:69And this is another example.
wlan.sa == 78:45:61:93:4b:56A very useful Wireshark trick.
Filter by IP address
Another one is to filter by a certain IP address, this is how to do this.
ip.addr == 192.168.1.1To filter by the source IP, use this filter.
ip.src == 192.168.1.5Filtering for TCP packets requires a different approach. This is the filter you would use.
ip.proto == 6To filter for a destination MAC address using Wireshark, use this filter. This filters all packets destined for the gateway device on the network in my case.
eth.dst == c8:14:51:5f:a9:47To filter all packets coming from a certain MAC address, use this filter.
eth.src == fc:34:97:a5:bc:7eIP protocol numbers
Wireshark uses protocol numbers to identify different network layer protocols when analyzing captured packets. Here is a list of common IP protocol numbers and their corresponding protocols:
| Protocol Number | Protocol |
|---|---|
| 1 | ICMP |
| 6 | TCP |
| 17 | UDP |
| 41 | IPv6 |
| 50 | ESP (Encapsulating Security Payload) |
| 51 | AH (Authentication Header) |
| 89 | OSPF (Open Shortest Path First) |
| 132 | SCTP (Stream Control Transmission Protocol) |
Please note that this is not an exhaustive list, and there are many other IP protocols with assigned numbers. The above list includes some of the commonly encountered protocols. You can refer to the IANA Protocol Numbers for a comprehensive list of protocol numbers and their assignments.