Have you tried this?

```
(wlan.ta[0:1] & 2) and !(wlan.ta[0:1] & 1)
```

**EDIT**: @TheDancingBard asked for an explanation, so I've added some more details here. Since I don't know what is known already and what isn't, I've tried to explain every detail.

First off, I didn't bother to look at RFC7402 Section 2.1 as mentioned in Issue 17246 that @Chuckc mentioned; I just looked at the patterns of interest, namely:

```
XA:XX:XX:XX:XX:XX
XE:XX:XX:XX:XX:XX
X2:XX:XX:XX:XX:XX
X6:XX:XX:XX:XX:XX
```

`wlan.ta`

consists of 6 bytes, numbered 0 through 5. From the above data, it's clear that the only byte of interest is the 1st byte, so I used the *Slice* Operator to isolate the 1st byte of that field as follows: `wlan.ta[0:1]`

. But we're not interested in the entire byte, only the least-significant 2 bits of the byte, bits 1 and 0 (with bits number 7 through 0 from left-to-right), so I used the *Bitwise And* Operator to check each bit of interest. In the case of `2`

, `6`

, `A`

and `E`

, all values have bit 1 set to 1 and bit 0 set to 0, so I test each one in turn.

This will return true for all bytes where bit 1 is set: `(wlan.ta[0:1] & 2)`

And this will return true for all bytes where bit 0 is not set: `!(wlan.ta[0:1] & 1)`

Since we require *both* conditions to be true, the expressions must be *and*'d together, so we end up with the complete filter above, namely `(wlan.ta[0:1] & 2) and !(wlan.ta[0:1] & 1)`

.

Now, if Wireshark supported the following construct, we could improve the filtering even more: `(wlan.ta[0] & 3) == 2`

. Unfortunately, this isn't supported ... yet? Perhaps an enhancement bug report could be filed for this.

An aside: How do we know we're looking for patterns where bit 1 is set and bit 0 is not set? Well, the easiest way is probably to draw a Karnaugh Map or "Truth Table". First, as a reminder, let's write all 16 possible values for a nibble in binary, with the 4 values of interest, 2, 6, A and E marked:

```
b3 b2 b1 b0
---------------------
0 0 0 0 0
1 0 0 0 1
2 0 0 1 0 *
3 0 0 1 1
4 0 1 0 0
5 0 1 0 1
6 0 1 1 0 *
7 0 1 1 1
8 1 0 0 0
9 1 0 0 1
A 1 0 1 0 *
B 1 0 1 1
C 1 1 0 0
D 1 1 0 1
E 1 1 1 0 *
F 1 1 1 1
---------------------
```

A naive approach to filtering would be to simply check all 4 bits of the nibble ... (more)

It this the same discussion as 17246 - More granular filtering for MAC addresses