Packet Basics BPF Syntax

In addition to querying packets directly by MAC address, EtherType, IP address, IP protocol, and port, you can query packets with the same Berkeley Packet Filter (BPF) syntax that the ExtraHop Trace Appliance offers.

Please see this article on docs.extrahop.com for a list of supported BPF queries.