• Start the Wireshark by selecting the network we want to analyze or opening any previously saved captured file.
• Now go into the Wireshark and click on Analyze → Display Filter Expression menu or toolbar item.

This will open up the Display Filter Expression dialogue box.

The following are the fields available in the Display Filter Expression dialogue box.

• Field Name: It has all the available protocols listed from which we can select a protocol field from the protocol field tree. We can search for a specific protocol just by entering the first few letters of the protocol name in the search box.  There are many field names available for filtering for that protocol.
• Relation: We can select a relation from the list of available relations. The “is present” is a unary relation that is either true/false based on whether the selected field is present or not. While the other listed relations are binary which require additional data like some value or range to complete.
• Value: We can enter a valid value in the Value text box in case we are using any binary relation. The Value will also indicate the type of value for the Field Name.
• Predefined Values: It will display the pre-defined values if it is available for the selected protocol.
• Range (offset: length):  A range of integers or a group of ranges, such as 1-12 or 39-42,98-2000.