Wireshark Filters

Membership filter

ip.addr == 8.8.8.8 or ip.addr == 9.9.9.9

ip.addr in {8.8.8.8, 9.9.9.9}

is equals to

Range in membership

Ex: if we need the packets that has the tcp ports from 47640 to 47650 (47640-47650)

tcp.port in {47640..47650}

contains

contains is case sensitive

matches

macthes is case insensitive

Packets that contains the string .org or .com

So here they haven't specified any particular protocols to look for example they haven't asked about tcp or udp or something. So we started from the ethernet frame itself.