# Wireshark

## Filter where the source IP is not 192.168.1.1

```
ip.src != 192.168.1.1
```

## Filter where the destination IP is not 192.168.1.1

```
ip.dst != 192.168.1.1
```

## Find packets with a string in them

```
frame contains "<thing to search>"
```

For example:

```
frame contains "google"
```

Resource: [https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures](https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures)

## Show hostnames

Go to View -> Name Resolution -> Check the box next to Resolve Network Addresses

Resource: [https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark](https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark)

## Filter TLS traffic

```
ssl.record.version
```

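In Wireshark 3.0 and later the field is named `tls.record.version`; `ssl.record.version` is the older name for the same field.

To show only TLS v1.2 traffic, use: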

```
ssl.record.version == 0x0303
```

## Versions:

0x0300 SSL 3.0  
0x0301 TLS 1.0  
0x0302 TLS 1.1  
0x0303 TLS 1.2

Resource: [https://security.stackexchange.com/questions/190532/filter-tls-in-wireshark-or-other-monitoring-tool](https://security.stackexchange.com/questions/190532/filter-tls-in-wireshark-or-other-monitoring-tool)
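What the record-version filter matches on, as an added example (not from the original page): a Python walker over the 5-byte TLS record headers in a reassembled byte stream that keeps the records whose version field equals a wanted value. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Record-layer version values from the table above.
# Note: TLS 1.3 also writes 0x0303 in this field (RFC 8446, legacy_record_version),
# so the record version alone does not prove which version was negotiated.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# TLS record content types.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def iter_records(stream: bytes):
    """Yield (offset, content_type, version, length) per TLS record in a byte stream."""
    off = 0
    while off + 5 <= len(stream):
        # Header: 1-byte content type, 2-byte version, 2-byte length (big-endian).
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if ctype not in CONTENT_TYPES or version not in VERSIONS:
            raise ValueError(f"not a TLS record header at offset {off}")
        if off + 5 + length > len(stream):
            raise ValueError(f"truncated record at offset {off}")
        yield off, CONTENT_TYPES[ctype], version, length
        off += 5 + length
    if off != len(stream):
        raise ValueError(f"{len(stream) - off} trailing bytes, too short for a header")


def filter_version(stream: bytes, wanted: int):
    """Equivalent of the record-version filter: keep records whose version == wanted."""
    return [rec for rec in iter_records(stream) if rec[2] == wanted]


def make_record(ctype: int, version: int, body: bytes) -> bytes:
    """Build one record for the constructed sample below."""
    return struct.pack("!BHH", ctype, version, len(body)) + body


# Constructed sample stream: one handshake record marked 0x0301, then a
# handshake record and an application_data record marked 0x0303.
SAMPLE = (
    make_record(22, 0x0301, b"\x01" + b"\x00" * 7)
    + make_record(22, 0x0303, b"\x02" + b"\x00" * 3)
    + make_record(23, 0x0303, b"\xaa" * 16)
)

if __name__ == "__main__":
    for off, ctype, version, length in filter_version(SAMPLE, 0x0303):
        print(f"offset={off} type={ctype} version={VERSIONS[version]} len={length}")
```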