Filter Options:
- ip.addr == 172.16.1.1 - This filters for any packet with 172.16.1.1 as either the source or destination.
- ip.addr==172.16.1.1 && ip.addr==172.16.1.2 - This creates a conversation filter between the two defined IP addresses.
- tcp.flags.reset==1 - This filter will find and display all TCP resets.
- tcp.port==5000 - This creates a filter for any TCP packet with 5000 as a source or destination port.
- tcp contains "test" - This filter will find and display all TCP packets that contain the word ‘test’. Very helpful when searching for a specific string or user ID, for example.
- !(arp or icmp or dns) - This filter will mask out the ARP, ICMP, and DNS protocols. This is a great way to remove protocols that are not involved in troubleshooting from the view, allowing you to focus on the traffic that may be the problem.
- tcp.analysis.retransmission - This filter will display all retransmissions in the trace. This is helpful when tracking down slow application performance and packet loss.
- icmp or dns - This creates a filter to display all ICMP and DNS packets in the trace.
- http.request - This filter will find and display all HTTP GET requests.
- udp contains 03:28:58 - This filter will find the hex values 0x03 0x28 0x58 at any offset in the packet trace.
- tcp.analysis.lost_segment - This filter will indicate that Wireshark has seen a gap in sequence numbers in the capture.
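To make the header fields behind several of these filters concrete, the following added example (not part of the original list, and not Wireshark code) evaluates the same conditions over hand-built IPv4/TCP packets. The predicate names and the sample packets are constructed for illustration, and the hex-byte search from the `udp contains` entry is applied to TCP here.

```python
import socket
import struct

def build(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse(pkt):
    """Extract the fields that the listed filters test."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13]                          # TCP flags byte
    return {"addrs": {src, dst}, "ports": {sport, dport},
            "rst": bool(flags & 0x04), "tcp_bytes": pkt[ihl:]}

# Hypothetical predicates, one per filter from the list above.
def ip_addr(p, a):          # ip.addr == a : source OR destination
    return a in p["addrs"]

def conversation(p, a, b):  # ip.addr == a && ip.addr == b
    return ip_addr(p, a) and ip_addr(p, b)

def tcp_port(p, n):         # tcp.port == n : source OR destination port
    return n in p["ports"]

def tcp_reset(p):           # tcp.flags.reset == 1 : RST bit (0x04) set
    return p["rst"]

def tcp_contains(p, needle):  # tcp contains ... : byte search at any offset
    return needle in p["tcp_bytes"]

def matches(packets, pred, *args):
    """Return the indexes of the packets a predicate selects."""
    return [i for i, raw in enumerate(packets) if pred(parse(raw), *args)]

PACKETS = [  # constructed traffic, not a real capture
    build("172.16.1.1", "172.16.1.2", 40000, 5000, 0x18, b"user=test"),  # PSH+ACK
    build("172.16.1.2", "172.16.1.1", 5000, 40000, 0x14),                # RST+ACK
    build("172.16.1.1", "10.0.0.9", 40001, 443, 0x02),                   # SYN
    build("10.0.0.9", "172.16.1.2", 443, 5000, 0x10, b"\x03\x28\x58"),   # ACK
]

if __name__ == "__main__":
    print(matches(PACKETS, conversation, "172.16.1.1", "172.16.1.2"))
```
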