The Wireshark regular expression syntax for display filters uses the same syntax as regular expressions in Perl.

Some common modifiers are as follows:

• ^: Match the beginning of the line
• $: Match the end of the line
• |: Alternation
• (): Grouping
• *: Match zero or more times
• +: Match one or more times
• ?: Match one or zero times
• {n}: Match exactly n times
• {n,}: Match at least n times
• {n,m}: Match at least n but not more than m times

You can use these modifiers for configuring more complex filters. For examples, look for HTTP GET commands that contain ZIP files:

http.request.method == "GET" && http matches ".zip" && !(http.accept_encoding == "gzip, deflate")

Look for HTTP messages that contain websites that end with .com:

http.host ...