AppendixThe ip.addr syntax is a typical example of filtering on a property of a protocol.
There are many more. For example, if we want to filter by just the source address
rather than both the source and destination addresses, we can use the following
command:
http and (ip.src == 104.20.1.85 or ip.src == 104.20.0.85)To explore all the available protocols and their properties, click on the Expression...
button to the right of the filter box. In the left-hand pane of the window that appears,
we can see all the protocols listed, and we can expand one by clicking on the
corresponding triangle or + symbol, which will show its properties. In this
window, IP is listed as IPv4.
Inspecting packets
Getting back to our RFC downloader packets, let's close the expression window if
it's open, and turn our attention to the main window. After applying the http and
(ip.addr == 104.20.1.85 or ip.addr == 104.20.0.85) filter, we should see
two packets listed in the top section of the screen:
The first is the HTTP request that urlopen() sent to the server, and the second is the
server's HTTP response.