| Field name | Type | Description | Versions |
|---|---|---|---|
| sebek.cmd | Character string | Command Name | 1.0.0 to 1.6.5 |
| sebek.counter | Unsigned integer, 4 bytes | Counter | 1.0.0 to 1.6.5 |
| sebek.data | Character string | Data | 1.0.0 to 1.6.5 |
| sebek.fd | Unsigned integer, 4 bytes | File Descriptor | 1.0.0 to 1.6.5 |
| sebek.inode | Unsigned integer, 4 bytes | Inode ID | 1.0.0 to 1.6.5 |
| sebek.len | Unsigned integer, 4 bytes | Data Length | 1.0.0 to 1.6.5 |
| sebek.magic | Unsigned integer, 4 bytes | Magic | 1.0.0 to 1.6.5 |
| sebek.pid | Unsigned integer, 4 bytes | Process ID | 1.0.0 to 1.6.5 |
| sebek.ppid | Unsigned integer, 4 bytes | Parent Process ID | 1.0.0 to 1.6.5 |
| sebek.socket.call | Unsigned integer, 2 bytes | Socket.Call_id | 1.0.0 to 1.6.5 |
| sebek.socket.dst_ip | IPv4 address | Socket.remote_ip | 1.0.0 to 1.6.5 |
| sebek.socket.dst_port | Unsigned integer, 2 bytes | Socket.remote_port | 1.0.0 to 1.6.5 |
| sebek.socket.ip_proto | Unsigned integer, 1 byte | Socket.ip_proto | 1.0.0 to 1.6.5 |
| sebek.socket.src_ip | IPv4 address | Socket.local_ip | 1.0.0 to 1.6.5 |
| sebek.socket.src_port | Unsigned integer, 2 bytes | Socket.local_port | 1.0.0 to 1.6.5 |
| sebek.time.sec | Date and time | Time | 1.0.0 to 1.6.5 |
| sebek.type | Unsigned integer, 2 bytes | Type | 1.0.0 to 1.6.5 |
| sebek.uid | Unsigned integer, 4 bytes | User ID | 1.0.0 to 1.6.5 |
| sebek.version | Unsigned integer, 2 bytes | Version | 1.0.0 to 1.6.5 |