Applying useful filters

Wireshark is a common tool used by developers, network administrators, students, and security analysts. Network administrators use Wireshark to investigate the many issues that can surface on a network, from performance degradation to malware spreading between hosts.

For example, some handy display filters include the following:

  • http.request: This searches the capture file for any HTTP request, such as a GET or POST.
  • tcp.port == xxx: Use this filter if you are monitoring TCP traffic on a specific port (source or destination).
  • tcp.stream eq X: This filter will follow a specific TCP conversation, where X is the stream index.
  • !(arp or icmp or dns): This filter will eliminate ARP, DNS, and ICMP traffic.
  • vlan.id == X: This shows only traffic tagged with a specific VLAN ID.

Wireshark also provides a handy drag-and-drop feature where you can simply drag a field from the packet tree and drop it into the display filter.

In addition to display filters, there are times when capture filters are appropriate to collect specific traffic, such as the following:

  • port ftp || port ftp-data: This will capture FTP control (port 21) and FTP data (port 20) traffic.
  • ip host x.x.x.x: This will capture traffic to or from a specific IPv4 host.
  • ip multicast: This will capture IPv4 multicast traffic.

The Wireshark Wiki also lists several capture filters that are used to detect malware. For example, dst port 135 and tcp port 135 and ip[2:2]==48 will display evidence of the Blaster Worm.
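Capture filters such as the Blaster example above use Berkeley Packet Filter (BPF) syntax, where ip[2:2] means "read 2 bytes at offset 2 of the IPv4 header", which is the Total Length field. The following is an added example, not code from the book or from Wireshark: it constructs a few sample IPv4/TCP packets in memory (no real capture) and evaluates the same three conditions, dst port 135, tcp port 135 and ip[2:2]==48, against them, so you can see exactly which header bytes the filter inspects. The function and packet names are assumptions made for this example.

```python
import ipaddress
import struct


def build_ipv4_tcp(src, dst, sport, dport, tcp_options=b"", payload=b""):
    """Return a minimal IPv4 datagram carrying a TCP SYN segment.

    Constructed sample data for illustration: checksums are left at zero
    and the packet is never sent on the wire.
    """
    if len(tcp_options) % 4:
        raise ValueError("TCP options must be padded to a 4-byte boundary")
    tcp_hdr_len = 20 + len(tcp_options)
    total_len = 20 + tcp_hdr_len + len(payload)
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL,
    # protocol (6 = TCP), checksum, source, destination.
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0x1234, 0x4000, 128, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    # TCP header: ports, seq, ack, data offset + SYN flag, window, csum, urg.
    tcp_hdr = struct.pack("!HHIIHHHH",
                          sport, dport, 0, 0,
                          ((tcp_hdr_len // 4) << 12) | 0x02,
                          8192, 0, 0)
    return ip_hdr + tcp_hdr + tcp_options + payload


def ip_field(pkt, offset, length):
    """Equivalent of the BPF expression ip[offset:length]: read `length`
    bytes at `offset` from the start of the IPv4 header, big-endian."""
    return int.from_bytes(pkt[offset:offset + length], "big")


def is_tcp(pkt):
    """IPv4 Protocol field is byte 9; 6 means TCP."""
    return pkt[9] == 6


def tcp_ports(pkt):
    """Return (source port, destination port) of the TCP segment."""
    ihl = (pkt[0] & 0x0F) * 4          # IP header length from the IHL nibble
    return struct.unpack("!HH", pkt[ihl:ihl + 4])


def matches_blaster_filter(pkt):
    """Evaluate 'dst port 135 and tcp port 135 and ip[2:2]==48' on raw bytes."""
    if not is_tcp(pkt):
        return False
    sport, dport = tcp_ports(pkt)
    return dport == 135 and 135 in (sport, dport) and ip_field(pkt, 2, 2) == 48


# Constructed sample packets (hypothetical addresses, not captured traffic).
# MSS + NOP + NOP + SACK-permitted options make the TCP header 28 bytes,
# so the IPv4 Total Length is 20 + 28 = 48.
SYN_OPTIONS = bytes.fromhex("020405b401010402")
SAMPLE_PACKETS = {
    "syn_to_135_48_bytes": build_ipv4_tcp("10.0.0.5", "10.0.0.9", 1234, 135,
                                          tcp_options=SYN_OPTIONS),
    "syn_to_135_with_payload": build_ipv4_tcp("10.0.0.5", "10.0.0.9", 1234, 135,
                                              tcp_options=SYN_OPTIONS,
                                              payload=b"x" * 10),
    "syn_to_135_no_options": build_ipv4_tcp("10.0.0.5", "10.0.0.9", 1234, 135),
    "syn_to_80_48_bytes": build_ipv4_tcp("10.0.0.5", "10.0.0.9", 1234, 80,
                                         tcp_options=SYN_OPTIONS),
}


def filter_hits(packets):
    """Names of the sample packets the capture filter would keep."""
    return sorted(name for name, pkt in packets.items()
                  if matches_blaster_filter(pkt))


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:28s} total_len={ip_field(pkt, 2, 2):3d} "
              f"match={matches_blaster_filter(pkt)}")
```

Only the 48-byte SYN to port 135 survives; the same SYN with a payload or without options fails on the length test, and the 48-byte SYN to port 80 fails on the port test. This is why byte-offset filters like ip[2:2]==48 are a quick first pass rather than a signature: a length value is cheap to check in the capture path, but you still confirm what you caught with display filters such as tcp.stream eq X.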

There are many ways to filter traffic so that only the packets you care about are displayed, which removes the noise and speeds up your analysis. Depending on the type of network you work with on a daily basis, you will most likely build your own arsenal of filters.
