Display Filter Reference: PCAP File Format
Protocol field name: file-pcap
Versions: 2.0.0 to 3.4.9
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| pcap.header | Header | Label | 2.0.0 to 3.4.9 |
| pcap.header.link_type | Link Type | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.header.magic_bytes | Magic Bytes | Unsigned integer, 4 bytes | 2.0.0 to 2.0.1 |
| pcap.header.magic_number | Magic Number | Sequence of bytes | 2.0.2 to 3.4.9 |
| pcap.header.sigfigs | Sigfigs | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.header.snapshot_length | Snapshot Length | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.header.this_zone | This Zone | Signed integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.header.version.major | Version Major | Unsigned integer, 2 bytes | 2.0.0 to 3.4.9 |
| pcap.header.version.minor | Version Minor | Unsigned integer, 2 bytes | 2.0.0 to 3.4.9 |
| pcap.inc_len_larger_than_orig_len | included length is larger than original length | Label | 3.0.0 to 3.4.9 |
| pcap.inc_len_larger_than_snap_len | included length is larger than snapshot length | Label | 3.0.0 to 3.4.9 |
| pcap.packet | Packet | Label | 2.0.0 to 3.4.9 |
| pcap.packet.data | Data | Label | 2.0.0 to 3.4.9 |
| pcap.packet.data.data | Data | Label | 2.0.0 to 2.0.16 |
| pcap.packet.data.pseudoheader | Pseudoheader | Label | 2.0.0 to 2.0.16 |
| pcap.packet.data.pseudoheader.bluetooth.direction | Direction | Unsigned integer, 4 bytes | 2.0.0 to 2.0.16 |
| pcap.packet.included_length | Included Length | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.packet.origin_length | Origin Length | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.packet.timestamp | Timestamp | Date and time | 2.0.0 to 3.4.9 |
| pcap.packet.timestamp.sec | Timestamp sec | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.packet.timestamp.usec | Timestamp usec | Unsigned integer, 4 bytes | 2.0.0 to 3.4.9 |
| pcap.unknown_encoding | Expert Info | Label | 2.0.0 to 2.0.1 |