Ping packets should use an ICMP type of 8 (echo) or 0 (echo reply), so you could use a capture filter of:
icmp
and a display filter of:
icmp.type == 8 || icmp.type == 0
For HTTP, you can use a capture filter of:
tcp port 80
or a display filter of:
tcp.port == 80
or:
http
Note that a filter of http is not equivalent to the other two, which will include handshake and termination packets.
If you want to measure the number of connections rather than the amount of data, you can limit the capture or display filters to one side of the communication. For example, to capture only packets sent to port 80, use:
dst tcp port 80
Couple that with an http display filter, or use:
tcp.dstport == 80 && http
For more on capture filters, read "Filtering while capturing" from the Wireshark user guide, the capture filters page on the Wireshark wiki, or pcap-filter (7) man page. For display filters, try the display filters page on the Wireshark wiki. The "Filter Expression" dialog box can help you build display filters.
As you said in your comment:
greater <length>
less <length>
They also happen to be in this handy tcpdump cheat sheet I have on my wall.
Best Answer
Have you tried the "contains" or "matches" operators? For example,
or simply
The first example looks for TNS requests which contain the case-sensitive string "Marshmallows". The second example looks for "marshmallows" anywhere in any frame, ignoring case. ("contains" does simple string matching; "matches" lets you use PCRE modifiers).
Update: In Wireshark 2.6 and later "matches" is case-insensitive by default. You can use the "(?-i)" PCRE modifier to force case sensitivity.