joshschmelzle/wireshark-notes-and-cheatsheet.md

## wireshark-notes-and-cheatsheet.md

      
    Raw
  

              wireshark-notes-and-cheatsheet.md
            
          
    Display Filters

Wildcards
wlan.vs.aruba.ap_name ~ "name."
wlan.vs.aruba.ap_name matches "name."

Multicast
ip.dst==224.0.0.0/4

WMM OUI
wlan.tag.oui == 0x0050f2

Retries
wlan.fc.retry eq 1

Display Filter Macro

Enter macros by going to Analyze -> Display Filter Macros
Find

Display Filter Sytnax:

${macroname:<SearchTerm>}

Display Filter Macro:

Name: find
Text: (data-text-lines contains $1 || frame contains $1 || tcp contains $1)

Usage Example:

${find:"example ssid"}