Revision history

As noted in the user guide, there are two types of filters: capture filters that limit the traffic that is captured, and display filters that limit the traffic that is displayed from a capture.

While a capture filter can be useful to limit the traffic under investigation, when troubleshooting certain issues the capture filter can drop packets that may be essential, e.g. ICMP, so at first don't set a capture filter. The capture filter syntax is detailed [here](http://www.tcpdump.org/manpages/pcap-filter.7.html), some examples can be found here, and in general a port filter is `port <port number>`.

Display filter syntax is detailed here, some examples can be found here, and a port filter for TCP is `tcp.port == <port number>` and for UDP is `udp.port == <port number>`.
