Search by specific bit in data field

I assume you are looking for a display filter. You can check for a specific bit value by using the "&" operator. For instance, if I want to see all packets with the SYN flag set, I can use the filter "tcp.flags&2". It will look at the second LSB of the TCP flags field and check whether the bit is set. If you don't want to see the SYN nor SYN/ACK packets, you can use "!tcp.flags&2".

Here are some more examples, as I do not know in which part of the data you want to look:

frame[0]&1
eth[6]&1
tcp[20]&64
!data[5]&4
tcp.seq&16384

(please note that the filters above are completely random)

In which data field do you need to test a bit value?

You can use data.data[index] to filter on bytes in the data section e.g. data.data[0]==05. If you want to go down to the bit layer you'd have to use multiple expressions like that to specify the ranges. Edit: Or use SYN-Bit's method ;)

e.g. first bit in data section == 1 --> data.data[0] can have a range from 80 to FF (1000 0000 to 1111 1111) --> data.data[0] >= 80

Assuming a display filter is required, you can use the logical and to mask out the bit you're interested in, e.g.

prot.field & 0x80

to mask out the top bit of a field.