The way capture filters work with source host and destination host is simple—the capture engine simply compares the condition with the actual MAC addresses, and passes only what is relevant.

A broadcast address is an address in which the destination address is all 1s, that is, ff:ff:ff:ff:ff:ff:ff, therefore, when you configure a broadcast filter, only these addresses will pass the filter. Broadcast addresses can be:

• Layer 3 IPv4 broadcast that is converted to layer 2 broadcast; for example, IP packet to 10.0.0.255, which will be converted to layer 2 broadcast in the destination MAC field
• A network-related broadcast; for example, IPv4 Address Resolution Protocol (ARP), that sends a broadcast as a part of network operation

In a multicast filter, there are IPv4 and IPv6 multicasts:

• In IPv4, a multicast MAC address is transmitted when the MAC address starts with the string 01:00:5e. Every packet with a MAC address that starts with this string will be considered a multicast.
• In IPv6, a multicast address is transmitted when the MAC address starts with the string 33:33. Every packet with a MAC address that starts with this string will be considered a multicast.

Ethernet protocol refers to the ether type field in the Ethernet packet that indicates what will be the upper layer protocol. Common values here are 0800 for IPv4, 86dd for IPv6, and 0806 for ARP and others. An updated list of ether types can be found at: http://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml.