Source: /cirosantilli/wireshark-capture-filter

= Wireshark capture filter

Capture by instead:
``
sudo wireshark -f http -k
sudo wireshark -f icmp -k
``

Filter by both protocol and host:
``
sudo wireshark -f 'host 192.168.1.102 and icmp' -k
``

For <application layer> capture filtering, the best you can do is by port:
``
sudo wireshark -f 'tcp port 80'
``
There is an `http` filter but only for as a <wireshark display filter>