Here are some explanations to the filters we saw in the previous paragraph.

• Ethernet broadcasts: For Ethernet, broadcasts are packets that are sent to addresses with all 1s in the destination field, and this is why, to find all broadcasts in the network, we write the filter eth.dst == ffff.ffff.ffff.
• IPv4 multicast: IPv4 multicasts are packets that are sent to an address in the address range 224.0.0.0 to 239.255.255.255, that is, in binary, the address range 11100000.00000000.00000000.00000000 to 11101111.11111111.11111111.11111111.

For this reason, if you look at the binary representation, a destination multicast address is an address that starts with three 1s and a 0, and therefore a filter to IPv4 multicast destinations will be ip.dst == 224.0.0.0/4.

That is, an address that starts with four 1s (224), and a subnet mask of four bits (/4) will indicate a network address of 224 to 239 will filter multicast addresses.

• IPv6 multicasts: IPv6 multicasts are packets that are sent to an address that starts with ff (first two hex digits = ff), and then one digit flags and scope. Therefore, when we write the filter ipv6.dst == ff00::/8, it means to display all packets in IPv6 that are sent to addresses that start with the string ff, that is, IPv6 multicasts.