tcp contains facebook (Shows all TCP packets that contain the word “facebook”. This word could be replaced with any clear-text string you are searching for)http.request or http.response (This will display all HTTP request strings along with the response codes. Look for HTTP 500 and 404 responses as these indicate a problem)

http.time > 2 (Displays all HTTP responses that were sent more than 2 seconds after the request. Awesome way to measure HTTP performance!! Also great to add as a column)

!(arp or dns or icmp) – (Masks out arp, dns, icmp, or whatever other protocols that may be clouding an issue)

tcp.stream eq 0 (This is best to apply by right-clicking a TCP packet in a connection that you want to display and selecting Follow | TCP Stream. This will display all packets in the TCP conversation as well as the packet content if not encrypted)

One more – I know this is 11, but it’s a great one too.

sip or rtp (This displays all sip control and rtp frames in the trace)

http.request This filter will find and display all HTTP GET requests.

udp contains 03:28:58 This filter will find the HEX values of 0x03 0x28 0x58 at any offset in the packet trace.

icmp or dns This creates a filter to display all icmp and dns packets in the trace.

tcp.analysis.retransmission This filter will display all retransmissions in the trace. This is helpful when tracking down slow application performance and packet loss.

tcp.port==5000 This creates a filter for any TCP packet with 5000 as a source or destination port.

tcp.flags.reset==1 This filter will find and display all TCP resets.