Wireshark and tcpdump Reference

Wireshark and tcpdump are extremely powerful network troubleshooting tools. Here are some command examples that may be useful.

Wireshark Display Filters

Show all ARP:
Show ARP from a specific MAC:
arp.src.hw_mac == 00:16:D3:4A:CE:7D
Show all traffic to a specific IP:
ip.src ==
Show all traffic to/from a specific IP:
ip.addr ==
Show only SYN packets:
Show all web traffic:
tcp.port == 80