Wireshark version 1.6.9-Spirent
To filter from an offset within a frame:
Use the filter string:
filter[start byte in decimal:length]==hex bytes
For example:
frame[32:02]==0b05
Will look for packets with 2 bytes matching the hex string "0b05" starting at the 32nd byte (first byte in packet is 0).
To filter for frames from time1 to time2:
(frame.time > "mmm dd, yyyy hh:mm:ss.sss" && frame.time < "mmm dd, yyyy hh:mm:ss.sss")
(frame.time > "Aug 19, 2013 19:38:33" && frame.time < "Aug 19, 2013 19:38:43") && (igmp.type == 0x17)
Will display IGMP leaves between 19:38:33 and 19:38:43 (10 seconds) on 8/19/13. Note: it is useful to use "View" --> "Time Display Format" --> "Date and Time of Day: ...."