Wireshark · Wireshark-users: Re: [Wireshark-users] Capture filter for ARP, DNS and PING

[Guy Harris <guy@xxxxxxxxxxxx>]

nilay yildirim wrote:

> How can I set up a capture filter just to capture ARP, DNS and PING?

"DNS" generally means "traffic to or from the Domain Name System port", 
and "PING" generally means "ICMP Echo and Echo Reply packets", so:

	arp or port domain or icmp[icmptype] = icmp-echo or icmp[icmptype] = 
icmp-echoreply