Wireshark
Wireshark is a network packet analyzer. A network packet analyzer captures network packets and displays the packet data in as much detail as possible.
A display filter narrows the raw capture down to the packets we want to see.
Some examples are:
Using IP address
ip.addr==103.47.54.XX
Using IP version and TCP port number with the and operator (&&)
ipv6.dst==64:ff9b::672f:3612 && tcp.port==443
Using IP address with the not sign (!)
! ( ip.addr == 10.43.54.XX )
! (ip.src == 10.43.54.XX or ip.dst == 10.43.54.XX)
Using TCP port and source IP
tcp.port==80 and ip.src == 10.224.27.XX
Using HTTP request with Uniform Resource Identifier (URI)
http.request.uri contains "fenixdv"
Using HTTP response code
http.response.code == 200
Using HTTP content type
http.content_type == "image/gif"
Using HTTP method (GET or POST)
http.request.method == "GET"
http.request.method == "POST"
Using frame contains
frame contains "feenixdv.com"
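The two negated filters above select the same packets because ip.addr matches either the source or the destination address, and tcp.port behaves the same way for ports. The following Python model is an added example, not part of the original page: it evaluates three of the filters over constructed packets, with 10.43.54.7 standing in for the page's 10.43.54.XX placeholder and all function names hypothetical.

```python
# Added example: a model of Wireshark's "either direction" field semantics.
# Packets and addresses are constructed sample data, not from a real capture.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def ip_addr_eq(p, addr):
    """ip.addr == addr: true when the source OR the destination matches."""
    return addr in (p.src, p.dst)


def tcp_port_eq(p, port):
    """tcp.port == port: true when the source OR the destination port matches."""
    return port in (p.sport, p.dport)


HOST = "10.43.54.7"  # constructed stand-in for the page's 10.43.54.XX

FILTERS = {
    "! ( ip.addr == HOST )": lambda p: not ip_addr_eq(p, HOST),
    "! (ip.src == HOST or ip.dst == HOST)":
        lambda p: not (p.src == HOST or p.dst == HOST),
    "tcp.port==80 and ip.src == HOST":
        lambda p: tcp_port_eq(p, 80) and p.src == HOST,
}

PACKETS = [  # constructed
    Packet("10.43.54.7", "192.0.2.10", 51000, 80),   # HOST -> web server
    Packet("192.0.2.10", "10.43.54.7", 80, 51000),   # reply back to HOST
    Packet("10.43.54.9", "192.0.2.10", 51001, 443),  # unrelated host
]


def select(name):
    """Return the indexes of PACKETS that the named filter would display."""
    return [i for i, p in enumerate(PACKETS) if FILTERS[name](p)]


if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:40} -> packets {select(name)}")
```

The reply packet (index 1) is hidden by both negated filters even though HOST is only its destination, and the third filter shows only the outbound request because ip.src is direction-specific while tcp.port is not.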
You can also download "Wireshark_Display_Filters".
Source: http://packetlife.net