Wireshark

# filter by ip adress
ip.addr == <IP Address>
not ip.addr == <IP Address>

# filter by source ip and destination ip
ip.src == <SRC IP> and ip.dst == <DST IP>

# filter by port
tcp.port eq <Port>

# filter by protocol
<protocol name>

# filter by protocol and specific domain
http contains google.com

# filter by request method
http.request.method == GET

# filter by arp opcode
arp.opcode == 2

# filter DNS
udp.port == 53
dns
dns.txt

#filter FTP
tcp.port == 21
ftp
ftp-data

# filter packet length
frame.len==101

#filter packet number
frame.number==7117

# filter packet time
(frame.time >= "Jul 5, 2022 01:01:28") && (frame.time <= "Jul 5, 2022 01:01:29")

# analyse pcap with tshark in commandline
tshark -r example.pcapng -T fields -e frame.number -e ip.src -e tcp.dstport -e modbus.func_code -e modbus.data -E separator=, > pcap_analysis.csv