Working with filters in Wireshark

When a capture contains a large amount of data, filters let us show only the packets that match our search criteria. We distinguish between capture filters and display filters, each of which is governed by its own syntax.

Capture filters are implemented directly by the libpcap library, which tools such as tcpdump and Snort also rely on, so they are defined using libpcap's filter syntax. For the same reason, Wireshark can open capture files generated by tcpdump or by other applications that use libpcap.
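To make the distinction concrete, here is an added Python example (not code from the book) that builds a small constructed capture in memory and evaluates the two filter styles side by side: a capture-style filter, which only inspects fixed header fields like the BPF expression udp port 53, and a display-style filter, which needs the DNS layer dissected like dns.qry.name contains "example". The frames, addresses and the minimal dissector are constructed for illustration and stand in for Wireshark's own.

```python
import struct

def build_udp_frame(src_port, dst_port, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left zero; sample data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 53]))
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)
    return eth + ip + udp + payload

def build_dns_query(name):
    """Constructed DNS query: 12-byte header, QNAME labels, QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def capture_filter_udp_port(frame, port):
    """Capture-filter semantics, like the BPF expression 'udp port <port>':
    only fixed header fields (EtherType, IP protocol, UDP ports) are inspected."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:   # not IPv4 / not UDP
        return False
    ihl = (frame[14] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return port in (sport, dport)

def display_filter_dns_qry_name(frame, needle):
    """Display-filter semantics, like 'dns.qry.name contains "<needle>"':
    the packet must first be dissected up to the DNS layer."""
    if not capture_filter_udp_port(frame, 53):
        return False
    ihl = (frame[14] & 0x0F) * 4
    dns = frame[14 + ihl + 8:]                # skip Ethernet, IP and UDP headers
    labels, pos = [], 12                      # QNAME starts after the DNS header
    while dns[pos]:
        n = dns[pos]
        labels.append(dns[pos + 1:pos + 1 + n].decode())
        pos += n + 1
    return needle in ".".join(labels)

# Constructed sample capture: two DNS queries and one NTP packet.
FRAMES = [
    build_udp_frame(40000, 53, build_dns_query("www.example.com")),
    build_udp_frame(40001, 53, build_dns_query("mail.internal.test")),
    build_udp_frame(40002, 123, b"\x1b" + b"\x00" * 47),
]

def matching_frames(filter_fn, arg):
    """Return the indexes of FRAMES that satisfy the given filter."""
    return [i for i, f in enumerate(FRAMES) if filter_fn(f, arg)]
```

The capture-style filter matches both DNS frames but cannot tell them apart, while the display-style filter can select by query name because it works on dissected fields.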

The most basic way to apply a display filter is to type it into the filter box at the top of the window. For example, type dns and you will see only DNS packets.

The following is a screenshot of the dns filter:

You can also click on the Analyze menu and select Display Filters to see the filters that are defined by default.

In the following screenshot, we can see the display filters that we can apply when capturing packets with Wireshark:
