Wireshark

Wireshark is a powerful tool for analyzing and troubleshooting network traffic. It lets you capture and analyze packets in real time, and it provides a wide range of filters for narrowing the view to the traffic you care about.

Here are some examples of common Wireshark filters:

  • ip.addr == 1.2.3.4: This filter matches all packets with the specified IP address (in this case, 1.2.3.4). You can use this filter to focus on traffic to or from a specific host.
  • tcp.port == 80: This filter matches all TCP packets with the destination or source port set to 80, which is the default port for HTTP traffic.
  • http: This filter matches all HTTP traffic.
  • dns: This filter matches all DNS traffic.
  • icmp: This filter matches all ICMP traffic.
  • udp: This filter matches all UDP traffic.

You can also use logical operators such as and, or, and not to combine filters. For example, (ip.addr == 1.2.3.4 or ip.addr == 5.6.7.8) and tcp.port == 80 would match all TCP packets with a destination or source port of 80 to or from either 1.2.3.4 or 5.6.7.8.
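To make the "to or from" semantics concrete, the following added example (not part of the original article) re-implements the combined filter above over raw frames in Python. The sample frames are constructed for illustration, and the helper names `build_frame`, `parse`, `matches` and `run` are hypothetical.

```python
import socket
import struct

HOSTS = {"1.2.3.4", "5.6.7.8"}  # addresses from the article's example filter
PORT = 80

def build_frame(src, dst, proto, sport, dport):
    """Constructed sample: Ethernet + IPv4 (no options) + the L4 port fields."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HH", sport, dport)

def parse(frame):
    """Return (src, dst, proto, sport, dport), or None if the frame is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4  # IP header length comes from the IHL field
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    if proto not in (6, 17) or len(frame) < l4 + 4:
        return src, dst, proto, None, None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return src, dst, proto, sport, dport

def matches(frame):
    """Same logic as: (ip.addr == 1.2.3.4 or ip.addr == 5.6.7.8) and tcp.port == 80"""
    pkt = parse(frame)
    if pkt is None:
        return False
    src, dst, proto, sport, dport = pkt
    ip_addr = src in HOSTS or dst in HOSTS            # ip.addr: source OR destination
    tcp_port = proto == 6 and PORT in (sport, dport)  # tcp.port: TCP only, either port
    return ip_addr and tcp_port

SAMPLES = {  # constructed frames, not captured traffic
    "to_host_http": build_frame("10.0.0.5", "1.2.3.4", 6, 49152, 80),
    "from_host_http": build_frame("5.6.7.8", "10.0.0.5", 6, 80, 49152),
    "host_https": build_frame("10.0.0.5", "1.2.3.4", 6, 49152, 443),
    "other_host_http": build_frame("10.0.0.5", "9.9.9.9", 6, 49152, 80),
    "host_udp_80": build_frame("1.2.3.4", "10.0.0.5", 17, 80, 49152),
}

def run():
    return {name: matches(frame) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in run().items():
        print(f"{name:16} {'match' if hit else 'no match'}")
```

Only the first two frames match: the HTTPS frame fails the port test, the 9.9.9.9 frame fails the address test, and the UDP frame on port 80 is rejected because `tcp.port` applies to TCP only.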
