Depending on your level of expertise the following might or might not be helpful, but here it is anyways:
Protocol refers to an agreed-upon way of communicating. We as humans have languages – that could be considered a protocol.
Different social and national groups also have specific ways of acting – in Hungary, e.g., it is good protocol for a man to enter the door before the woman (to make sure no danger lurks beyond the doorway).
Examples of well-known protocols that you might want to look into include: ARP, IPv4, IPv6, TCP, HTTP, SMTP, LDAP.
Frame is the term used to describe the layer 2 data entity that travels the wire (also referred to as layer 1 or physical layer).
An example is an Ethernet Frame.
Packet refers to data contained within a frame and delivered up to layer 3 of the OSI-model.
An IP packet is an example of such a layer 3 packet.
Segment/Datagram refers to data contained within a packet and delivered up to layer 4 of the OSI-model. Segment is used in connection-oriented protocols (e.g. TCP) and Datagram is used in connectionless protocols (e.g. UDP).
A TCP segment is an example of such a layer 4 segment.
Application data refers to data contained within a segment/datagram and delivered up to layer 5/6/7 of the OSI-model.
An example of such data is HTTP data.
Physical wire -> Frame -> Packet -> Segment/Datagram -> Application Data
An example in reverse order: An application (layer 5/6/7) hands data over to the TCP protocol (layer 4) which in turn hands it down to the IP protocol (layer 3) which then passes it on to the network interface card (layer 2) that puts it out onto the wire (layer 1).
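The nesting described above (frame -> packet -> segment -> application data), as an added Python example that is not part of the original page: it builds a constructed Ethernet/IPv4/TCP frame carrying an HTTP request and peels it layer by layer, using each header's own length fields to find where the next layer starts. The addresses, ports and host name are constructed sample values, and the names build_sample_frame and parse_frame are hypothetical.

```python
import struct

def build_sample_frame():
    """Constructed sample: Ethernet II / IPv4 / TCP / HTTP request (checksums left at 0)."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 64240, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + tcp
    eth = bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a") + b"\x08\x00"
    return eth + ip

def parse_frame(frame):
    """Peel layer 2 -> 3 -> 4 -> application data, checking lengths at every step."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth_dst": ":".join(f"{b:02x}" for b in frame[0:6]),
           "eth_src": ":".join(f"{b:02x}" for b in frame[6:12]), "ethertype": ethertype}
    if ethertype != 0x0800:          # frame does not carry an IPv4 packet
        return out
    packet = frame[14:]              # layer 3: what the frame contains
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a valid IPv4 header")
    ihl = (packet[0] & 0x0F) * 4     # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 length fields")
    out.update(ip_src=".".join(map(str, packet[12:16])),
               ip_dst=".".join(map(str, packet[16:20])), ip_proto=packet[9])
    if packet[9] != 6:               # packet does not carry a TCP segment
        return out
    segment = packet[ihl:total_len]  # layer 4; total_len also drops Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[0:4])
    data_off = (segment[12] >> 4) * 4  # TCP header length in bytes
    if data_off < 20 or data_off > len(segment):
        raise ValueError("bad TCP data offset")
    out.update(tcp_sport=sport, tcp_dport=dport, app_data=segment[data_off:])
    return out

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:10} {value}")
```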
Capture filter in Wireshark
When you capture traffic in Wireshark, you will probably want to narrow down the scope of your trace. You probably want to look at specific traffic, maybe to/from a specific host – to facilitate this, Wireshark uses capture filters. These use Berkeley Packet Filter (BPF) syntax. I believe this is due to the fact that this is the syntax that Wireshark's capture engine (WinPcap/libpcap) uses.
You must know that capture filters are totally different from display filters! Capture filters define what Wireshark picks up off the wire.
See https://wiki.wireshark.org/CaptureFilters for more on capture filters.
Display filter in Wireshark
Display filters follow their own syntax and are used to show/hide data that Wireshark has captured. They are different from capture filters. Display filters support the use of regular expressions (regex).
See https://wiki.wireshark.org/DisplayFilters for more on display filters.
Display filters define what packets Wireshark will show you from a captured trace.