Which filter would match frames containing common file types like pdf or zip?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which filter would match frames containing common file types like pdf or zip?

Explanation:
The main idea is to search the frame payload for signs of specific file types. To catch frames that carry files like pdf or zip, you filter on the actual data within the frame rather than just on protocol or addresses. Using a frame contains filter with a pattern that lists common file extensions lets Wireshark match any frame whose payload includes those strings, regardless of how the data is transported. This works because file types are typically indicated by their extensions or related headers inside the data, so listing them together with an OR-like expression captures frames carrying attachments such as PDFs, ZIPs, or other listed types.

The other options focus on protocol, IP, or port rather than the content of the frame. They may identify traffic on a web server or from a specific host, but they don’t specifically identify frames that contain those file types in their payload, so they’re not as reliable for this purpose.
