Wireshark · Display Filter Reference: PCAP File Format

Display Filter Reference: PCAP File Format

Protocol field name: file-pcap

Versions: 2.0.0 to 2.6.5

Field name	Description	Type	Versions
pcap.header	Header	Label	2.0.0 to 2.6.5
pcap.header.link_type	Link Type	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.header.magic_bytes	Magic Bytes	Unsigned integer, 4 bytes	2.0.0 to 2.0.1
pcap.header.magic_number	Magic Number	Sequence of bytes	2.0.2 to 2.6.5
pcap.header.sigfigs	Sigfigs	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.header.snapshot_length	Snapshot Length	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.header.this_zone	This Zone	Signed integer, 4 bytes	2.0.0 to 2.6.5
pcap.header.version.major	Version Major	Unsigned integer, 2 bytes	2.0.0 to 2.6.5
pcap.header.version.minor	Version Minor	Unsigned integer, 2 bytes	2.0.0 to 2.6.5
pcap.packet	Packet	Label	2.0.0 to 2.6.5
pcap.packet.data	Data	Label	2.0.0 to 2.6.5
pcap.packet.data.data	Data	Label	2.0.0 to 2.0.16
pcap.packet.data.pseudoheader	Pseudoheader	Label	2.0.0 to 2.0.16
pcap.packet.data.pseudoheader.bluetooth.direction	Direction	Unsigned integer, 4 bytes	2.0.0 to 2.0.16
pcap.packet.included_length	Included Length	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.packet.origin_length	Origin Length	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.packet.timestamp	Timestamp	Date and time	2.0.0 to 2.6.5
pcap.packet.timestamp.sec	Timestamp sec	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.packet.timestamp.usec	Timestamp usec	Unsigned integer, 4 bytes	2.0.0 to 2.6.5
pcap.unknown_encoding	Expert Info	Label	2.0.0 to 2.0.1

Go Beyond with Riverbed Technology

Learn More

Buy Now

• Full stack analysis – from packets to pages
• Rich performance metrics & pre-defined insights for fast problem identification/resolution
• Modular, flexible solution for deeply-analyzing network & application performance

Learn More