quick example:
display filter “ip.src == 10.10.10.10 or ip.dst == 10.10.10.10”
jimmie has pointed out that using “ip.addr == 10.10.10.10” is simpler

ip.addr == 10.10.10.0/24 will list all addresses for a particular network
tcp.port eq 636 will list all entries for a particular port
typing a protocol name such as “ldap” or “ssl” will filter on those protocols

more examples here:
http://wiki.wireshark.org/DisplayFilters

apparently it is possible to decrypt SSL packets if you have the appropriate private key:
https://wiki.wireshark.org/SSL#SSL_dissection_in_Wireshark

Comments are closed.