I have a big PCAP file downloaded from this website. (You can download the original pcap file: 368 MB)
You can also download a short version that contains only some of the buggy packets.
There is something strange with some packets inside this file. There are 1113 packets labeled with sFlow
inside it, and no matter which Wireshark filter you apply to the packets, you will always see them (or part of them) in the window.
To be more clear, let's see some screenshots:
Filter to see tcp packets only:
Filter to see udp packets only:
Filter to see packets with ip.addr == 68.64.21.64:
What's wrong with these packets?
These packets are of sFlow type. They are used for network sampling, so they contain samples of other network packets within. The display filter seems to be applied not only to the sFlow packet itself, but to every inner packet as well. So the "tcp" display filter leaves those sFlow packets (they are obviously UDP) that contain a TCP sample within. The same goes for address filtering.
You can inspect the inner packets as shown in the picture.
Not sure if the filter behavior is correct; I was amused by the output as well. I think it'd be great to open a ticket in the Wireshark bug database to hear the developers' opinion.
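
The nesting described in the answer can be checked outside Wireshark. The Python sketch below is an added example, not code from the original post: it walks an sFlow v5 datagram and reports the L4 protocol of each sampled Ethernet/IPv4 header, which is what a `tcp` or `ip.addr` display filter ends up matching. The function names are hypothetical and the datagram produced by `build_demo` is constructed sample data.

```python
import struct

IP_PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def l4_of_ethernet(frame):
    """L4 protocol name of an untagged Ethernet/IPv4 header, else 'other'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"
    return IP_PROTO.get(frame[23], "other")

def sampled_protocols(dgram):
    """L4 protocol of every raw-header flow record in an sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", dgram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16) + 12  # agent addr, sub-agent, seq, uptime
    (num_samples,) = struct.unpack_from("!I", dgram, off)
    off += 4
    found = []
    for _ in range(num_samples):
        tag, length = struct.unpack_from("!II", dgram, off)
        body = dgram[off + 8:off + 8 + length]
        off += 8 + length
        if tag not in (1, 3):                     # flow sample / expanded flow sample
            continue                              # counter samples carry no packets
        pos = 28 if tag == 1 else 40              # fixed fields before the record count
        (num_records,) = struct.unpack_from("!I", body, pos)
        pos += 4
        for _ in range(num_records):
            rtag, rlen = struct.unpack_from("!II", body, pos)
            rec = body[pos + 8:pos + 8 + rlen]
            pos += 8 + rlen
            if rtag == 1:                         # raw packet header record
                proto, _flen, _strip, hlen = struct.unpack_from("!IIII", rec, 0)
                if proto == 1:                    # header_protocol 1 = Ethernet
                    found.append(l4_of_ethernet(rec[16:16 + hlen]))
    return found

def build_demo(ip_protos):
    """Constructed sFlow v5 datagram with one flow sample per IP protocol number."""
    samples = b""
    for p in ip_protos:
        hdr = bytes(12) + b"\x08\x00" + b"\x45" + bytes(8) + bytes([p]) + bytes(10)
        rec = struct.pack("!IIII", 1, 64, 4, len(hdr)) + hdr + bytes(2)  # XDR pad to 4
        body = struct.pack("!8I", 1, 1, 512, 512, 0, 1, 2, 1) + struct.pack("!II", 1, len(rec)) + rec
        samples += struct.pack("!II", 1, len(body)) + body
    head = struct.pack("!II4s4I", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, len(ip_protos))
    return head + samples
```

The datagram itself travels over UDP, yet `sampled_protocols(build_demo([6, 17]))` reports both a TCP and a UDP sample inside it.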