Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Display Filter Reference: PCAP File Format

Protocol field name: file-pcap

Versions: 2.0.0 to 4.2.4

Back to Display Filter Reference

Field name Description Type Versions
pcap.capt_len_larger_than_orig_lencaptured length is larger than original lengthLabel4.2.0 to 4.2.4
pcap.capt_len_larger_than_snap_lencaptured length is larger than snapshot lengthLabel4.2.0 to 4.2.4
pcap.headerHeaderLabel2.0.0 to 4.2.4
pcap.header.magic_bytesMagic BytesUnsigned integer (32 bits)2.0.0 to 2.0.1
pcap.header.magic_numberMagic NumberByte sequence2.0.2 to 4.2.4
pcap.header.sigfigsSigfigsUnsigned integer (32 bits)2.0.0 to 4.2.4
pcap.header.snapshot_lengthSnapshot LengthUnsigned integer (32 bits)2.0.0 to 4.2.4
pcap.header.this_zoneThis ZoneSigned integer (32 bits)2.0.0 to 4.2.4
pcap.header.version.majorVersion MajorUnsigned integer (16 bits)2.0.0 to 4.2.4
pcap.header.version.minorVersion MinorUnsigned integer (16 bits)2.0.0 to 4.2.4
pcap.inc_len_larger_than_orig_lenincluded length is larger than original lengthLabel3.0.0 to 4.0.14
pcap.inc_len_larger_than_snap_lenincluded length is larger than snapshot lengthLabel3.0.0 to 4.0.14
pcap.packetPacketLabel2.0.0 to 4.2.4
pcap.packet.captured_lengthCaptured Packet LengthUnsigned integer (32 bits)4.2.0 to 4.2.4
pcap.packet.dataDataLabel2.0.0 to 4.2.4
pcap.packet.data.dataDataLabel2.0.0 to 2.0.16
pcap.packet.data.pseudoheaderPseudoheaderLabel2.0.0 to 2.0.16
pcap.packet.data.pseudoheader.bluetooth.directionDirectionUnsigned integer (32 bits)2.0.0 to 2.0.16
pcap.packet.included_lengthIncluded LengthUnsigned integer (32 bits)2.0.0 to 4.0.14
pcap.packet.origin_lengthOrigin LengthUnsigned integer (32 bits)2.0.0 to 4.0.14
pcap.packet.original_lengthOriginal Packet LengthUnsigned integer (32 bits)4.2.0 to 4.2.4
pcap.packet.timestampTimestampDate and time2.0.0 to 4.2.4
pcap.packet.timestamp.secTimestamp secUnsigned integer (32 bits)2.0.0 to 4.2.4
pcap.packet.timestamp.usecTimestamp usecUnsigned integer (32 bits)2.0.0 to 4.2.4
pcap.unknown_encodingExpert InfoLabel2.0.0 to 2.0.1

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube