Question

I want to filter Wireshark's monitoring results according to a filter combination of source, destination IP addresses and also the protocol. So, right now I'm able to filter out the activity for a destination and source IP address using this filter expression: (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx)

This gives me request/response activity of the 2 IP addresses, which are destination and source both, depending upon whether it is a request or a response. But now, I am getting results for HTTP and TCP both. I want to see results only for HTTP.

Any suggestions how to do that?

Solution

((ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx)) && http

OTHER TIPS

I like (ip.addr==XXX.XXX.XXX.XXX && http) for a single host. You could also do ((ip.addr==XXX.XXX.XXX.XXX or ip.addr==XXX.XXX.XXX.XXX) && http) for two hosts.
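Why the grouping around the two address clauses matters, as an added example that is not part of the original answers: Wireshark 3.6 and later give && higher precedence than ||, while earlier releases evaluated the two left to right with equal precedence, so an ungrouped `A || B && http` can still let plain TCP through in one direction. The evaluator below is a simplified model of a small subset of display-filter syntax, not Wireshark's parser; the addresses, the packets and the `and_binds_tighter` switch are constructed for illustration.

```python
import re
PACKETS = [  # constructed sample packets, not a real capture; A=10.0.0.1, B=10.0.0.2
    ("10.0.0.1", "10.0.0.2", {"tcp"}),          # 0: A->B bare TCP segment
    ("10.0.0.1", "10.0.0.2", {"tcp", "http"}),  # 1: A->B HTTP request
    ("10.0.0.2", "10.0.0.1", {"tcp"}),          # 2: B->A bare TCP segment
    ("10.0.0.2", "10.0.0.1", {"tcp", "http"}),  # 3: B->A HTTP response
    ("10.0.0.1", "10.0.0.9", {"tcp", "http"}),  # 4: A->third host, HTTP
]
TOKEN = re.compile(r"\(|\)|&&|\|\||==|[\w.]+")

def matches(expr, pkt, and_binds_tighter=True):
    """Evaluate a small subset of display-filter syntax against one packet."""
    src, dst, protos = pkt
    fields = {"ip.src": {src}, "ip.dst": {dst}, "ip.addr": {src, dst}}
    toks = TOKEN.findall(expr) + [None]  # None marks end of input

    def atom():
        tok = toks.pop(0)
        if tok == "(":
            val = expression()
            toks.pop(0)  # consume ")"
            return val
        if toks[0] == "==":
            toks.pop(0)
            return toks.pop(0) in fields[tok]
        return tok in protos  # bare protocol name such as http

    def chain(operand, ops):
        val = operand()
        while toks[0] in ops:
            op, rhs = toks.pop(0), operand()
            val = (val and rhs) if op == "&&" else (val or rhs)
        return val

    def expression():
        if and_binds_tighter:  # && groups before ||
            return chain(lambda: chain(atom, ["&&"]), ["||"])
        return chain(atom, ["&&", "||"])  # equal precedence, left to right

    return expression()

def selected(expr, **mode):
    """Indexes of the constructed packets that the filter lets through."""
    return [i for i, p in enumerate(PACKETS) if matches(expr, p, **mode)]
PAIR = ("(ip.dst == 10.0.0.2 && ip.src == 10.0.0.1) || "
        "(ip.dst == 10.0.0.1 && ip.src == 10.0.0.2)")
UNGROUPED = PAIR + " && http"
GROUPED = "(" + PAIR + ") && http"
print(selected(UNGROUPED), selected(GROUPED))  # [0, 1, 3] [1, 3]
```

In the same model, joining two ip.addr clauses with or also admits packet 4 (HTTP from one of the hosts to a third address), whereas joining them with && keeps only traffic between the two hosts.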

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow