Wireshark · Display Filter Reference: PCAP File Format

Display Filter Reference: PCAP File Format

Protocol field name: file-pcap

Versions: 2.0.0 to 3.2.7

Field name	Description	Type	Versions
pcap.header	Header	Label	2.0.0 to 3.2.7
pcap.header.link_type	Link Type	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.header.magic_bytes	Magic Bytes	Unsigned integer, 4 bytes	2.0.0 to 2.0.1
pcap.header.magic_number	Magic Number	Sequence of bytes	2.0.2 to 3.2.7
pcap.header.sigfigs	Sigfigs	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.header.snapshot_length	Snapshot Length	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.header.this_zone	This Zone	Signed integer, 4 bytes	2.0.0 to 3.2.7
pcap.header.version.major	Version Major	Unsigned integer, 2 bytes	2.0.0 to 3.2.7
pcap.header.version.minor	Version Minor	Unsigned integer, 2 bytes	2.0.0 to 3.2.7
pcap.inc_len_larger_than_orig_len	included length is larger than original length	Label	3.0.0 to 3.2.7
pcap.inc_len_larger_than_snap_len	included length is larger than snapshot length	Label	3.0.0 to 3.2.7
pcap.packet	Packet	Label	2.0.0 to 3.2.7
pcap.packet.data	Data	Label	2.0.0 to 3.2.7
pcap.packet.data.data	Data	Label	2.0.0 to 2.0.16
pcap.packet.data.pseudoheader	Pseudoheader	Label	2.0.0 to 2.0.16
pcap.packet.data.pseudoheader.bluetooth.direction	Direction	Unsigned integer, 4 bytes	2.0.0 to 2.0.16
pcap.packet.included_length	Included Length	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.packet.origin_length	Origin Length	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.packet.timestamp	Timestamp	Date and time	2.0.0 to 3.2.7
pcap.packet.timestamp.sec	Timestamp sec	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.packet.timestamp.usec	Timestamp usec	Unsigned integer, 4 bytes	2.0.0 to 3.2.7
pcap.unknown_encoding	Expert Info	Label	2.0.0 to 2.0.1

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11

• Full stack analysis – from packets to pages
• Rich performance metrics & pre-defined insights for fast problem identification/resolution
• Modular, flexible solution for deeply-analyzing network & application performance

Learn More