Protocol field name: file-pcapng
Versions: 2.0.0 to 4.6.0
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| pcapng | Block | Label | 2.0.0 to 4.6.0 |
| pcapng | Block Data | Label | 2.0.0 to 4.6.0 |
| pcapng | Extraneous Data | Byte sequence | 4.6.0 |
| pcapng | Extraneous Data Length | Unsigned integer (32 bits) | 4.6.0 |
| pcapng | Extraneous data in block after END-OF-OPTION option | Label | 4.6.0 |
| pcapng | Block Length | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Block Length (trailer) | Unsigned integer (32 bits) | 3.6.0 to 4.6.0 |
| pcapng | Block Type | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Block Type Value | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Block Type Vendor | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Block length is < the length of the contents of the block | Label | 3.6.0 to 4.6.0 |
| pcapng | Block length is < 12 bytes | Label | 3.6.0 to 4.6.0 |
| pcapng | Block length is not a multiple of 4 | Label | 3.2.15 to 3.2.18, 3.4.7 to 4.6.0 |
| pcapng | Block length is < 12 bytes | Label | 2.6.17 to 2.6.20, 3.0.11 to 3.0.14, 3.2.4 to 3.4.16 |
| pcapng | Block length in trailer differs from block length in header | Label | 3.6.0 to 4.6.0 |
| pcapng | Custom Data | Byte sequence | 4.2.0 to 4.6.0 |
| pcapng | Custom Option Binary | Byte sequence | 4.2.0 to 4.6.0 |
| pcapng | Custom Option String | Character string | 4.2.0 to 4.6.0 |
| pcapng | Private Enterprise Number (PEN) | Unsigned integer (32 bits) | 4.2.0 to 4.6.0 |
| pcapng | Darwin Process ID | Unsigned integer (32 bits) | 2.4.0 to 4.0.17 |
| pcapng | Darwin Process Name | Character string | 2.4.0 to 4.0.17 |
| pcapng | Darwin Process UUID | Globally Unique Identifier | 2.4.0 to 4.0.17 |
| pcapng | Secrets Data | Byte sequence | 3.0.0 to 4.6.0 |
| pcapng | Secrets Length | Unsigned integer (32 bits) | 3.0.0 to 4.6.0 |
| pcapng | Secrets Type | Unsigned integer (32 bits) | 3.0.0 to 4.6.0 |
| pcapng | Link Type | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Reserved | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Snap Length | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Interface | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | The byte-order magic number is not valid | Label | 2.6.17 to 2.6.20, 3.0.11 to 3.0.14, 3.2.4 to 4.6.0 |
| pcapng | Invalid Option Length | Label | 2.0.0 to 4.6.0 |
| pcapng | Invalid Record Length | Label | 2.0.0 to 4.6.0 |
| pcapng | No Interface Description before block that requires it | Label | 2.6.17 to 2.6.20, 3.0.11 to 3.0.14, 3.2.4 to 4.6.0 |
| pcapng | Options | Label | 2.0.0 to 4.6.0 |
| pcapng | Option | Label | 2.0.0 to 4.6.0 |
| pcapng | Code | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Option Data | Label | 2.0.0 to 4.6.0 |
| pcapng | Comment | Character string | 2.0.0 to 4.6.0 |
| pcapng | DNS Name | Character string | 2.0.0 to 4.6.0 |
| pcapng | End Time | Label | 2.0.0 to 4.6.0 |
| pcapng | EUI Address | EUI64 address | 2.0.0 to 4.6.0 |
| pcapng | Hardware | Character string | 2.0.0 to 4.6.0 |
| pcapng | Number of Accepted by Filter Packets | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Number of Delivered to the User Packets | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Description | Character string | 2.0.0 to 4.6.0 |
| pcapng | Number of Dropped Packets | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Number of Dropped Packets by OS | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | FCS Length | Unsigned integer (8 bits) | 2.0.0 to 4.6.0 |
| pcapng | Filter | Character string | 2.0.0 to 3.4.16 |
| pcapng | Filter BPF program | Label | 3.6.0 to 4.6.0 |
| pcapng | Filter string | Character string | 3.6.0 to 4.6.0 |
| pcapng | Filter type | Unsigned integer (8 bits) | 3.6.0 to 4.6.0 |
| pcapng | Filter data | Label | 3.6.0 to 4.6.0 |
| pcapng | Hardware | Character string | 2.6.17 to 2.6.20, 3.0.11 to 3.0.14, 3.2.4 to 4.6.0 |
| pcapng | IANA timezone name | Character string | 4.6.0 |
| pcapng | Name | Character string | 2.0.0 to 4.6.0 |
| pcapng | OS | Character string | 2.0.0 to 4.6.0 |
| pcapng | Number of Received Packets | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Rx speed | Unsigned integer (64 bits) | 4.6.0 |
| pcapng | Speed | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Timestamp Offset | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Timestamp Resolution | Unsigned integer (8 bits) | 2.0.0 to 4.6.0 |
| pcapng | Base | Unsigned integer (8 bits) | 2.0.0 to 4.6.0 |
| pcapng | Value | Unsigned integer (8 bits) | 2.0.0 to 4.6.0 |
| pcapng | Timezone | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Tx speed | Unsigned integer (64 bits) | 4.6.0 |
| pcapng | IPv4 | IPv4 address | 2.0.0 to 4.6.0 |
| pcapng | IPv4 Mask | IPv4 address | 2.0.0 to 4.6.0 |
| pcapng | IPv6 | IPv6 address | 2.2.0 to 4.6.0 |
| pcapng | IPv6 Mask | Unsigned integer (8 bits) | 2.0.0 to 4.6.0 |
| pcapng | MAC Address | Ethernet or other MAC address | 2.0.0 to 4.6.0 |
| pcapng | OS | Character string | 2.0.0 to 4.6.0 |
| pcapng | DPEB ID | Unsigned integer (32 bits) | 2.4.0 to 4.4.10 |
| pcapng | DPIB ID | Unsigned integer (32 bits) | 4.6.0 |
| pcapng | Effective DPED ID | Unsigned integer (32 bits) | 2.4.0 to 4.4.10 |
| pcapng | Effective DPIB ID | Unsigned integer (32 bits) | 4.6.0 |
| pcapng | Darwin Flags | Unsigned integer (32 bits) | 3.4.0 to 4.6.0 |
| pcapng | Nexus Channel(ch) | Boolean | 3.4.0 to 4.6.0 |
| pcapng | Keep Alive(ka) | Boolean | 3.4.0 to 4.6.0 |
| pcapng | New Flow(nf) | Boolean | 3.4.0 to 4.6.0 |
| pcapng | ReXmit(re) | Boolean | 3.4.0 to 4.6.0 |
| pcapng | Reserved | Boolean | 3.4.0 to 4.6.0 |
| pcapng | Socket(so) | Boolean | 3.4.0 to 4.6.0 |
| pcapng | Wake Packet(wk) | Boolean | 4.2.0 to 4.6.0 |
| pcapng | Flow ID | Unsigned integer (32 bits) | 4.2.0 to 4.6.0 |
| pcapng | Darwin svc | Unsigned integer (32 bits) | 2.4.0 to 4.6.0 |
| pcapng | Drop Count | Unsigned integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Flags | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Direction | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | FCS Length | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Link Layer Errors | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | CRC Error | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Packet Too Long | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Packet Too Short | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Preamble Error | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Reserved | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Start Frame Delimiter Error | Boolean | 2.0.15 to 2.0.16, 2.2.9 to 2.2.17, 2.4.1 to 4.6.0 |
| pcapng | Symbol Error | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Unaligned Frame Error | Boolean | 2.0.15 to 2.0.16, 2.2.9 to 2.2.17, 2.4.1 to 4.6.0 |
| pcapng | Wrong Inter Frame Gap | Boolean | 2.0.0 to 4.6.0 |
| pcapng | Reception Type | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Reserved | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Hash Algorithm | Unsigned integer (8 bits) | 2.0.0 to 4.6.0 |
| pcapng | Hash Data | Byte sequence | 2.0.0 to 4.6.0 |
| pcapng | Packet ID | Unsigned integer (64 bits) | 3.4.3 to 4.6.0 |
| pcapng | Queue | Unsigned integer (32 bits) | 3.4.3 to 4.6.0 |
| pcapng | Verdict data | Byte sequence | 3.4.3 to 4.6.0 |
| pcapng | Verdict type | Unsigned integer (8 bits) | 3.4.3 to 4.6.0 |
| pcapng | Process ID | Unsigned integer (32 bits) | 4.6.0 |
| pcapng | Start Time | Label | 2.0.0 to 4.6.0 |
| pcapng | Thread ID | Unsigned integer (32 bits) | 4.6.0 |
| pcapng | User Application | Character string | 2.0.0 to 4.6.0 |
| pcapng | Length | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Option Padding | Label | 2.0.0 to 4.6.0 |
| pcapng | Captured Packet Length | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Drops Count | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Interface | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Original Packet Length | Unsigned integer (32 bits) | 4.2.0 to 4.6.0 |
| pcapng | Packet Data | Label | 2.0.0 to 4.6.0 |
| pcapng | Packet Length | Unsigned integer (16 bits) | 2.0.0 to 4.0.17 |
| pcapng | Packet Padding | Label | 2.0.0 to 4.6.0 |
| pcapng | Records | Label | 2.0.0 to 4.6.0 |
| pcapng | Record | Label | 2.0.0 to 4.6.0 |
| pcapng | Code | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Record Data | Label | 2.0.0 to 4.6.0 |
| pcapng | IPv4 | IPv4 address | 2.0.0 to 4.6.0 |
| pcapng | IPv6 | IPv6 address | 2.0.0 to 4.6.0 |
| pcapng | Name | Character string | 2.0.0 to 4.6.0 |
| pcapng | Length | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Record Padding | Label | 2.0.0 to 4.6.0 |
| pcapng | Byte Order Magic | Byte sequence | 2.0.0 to 4.6.0 |
| pcapng | Section Length | Signed integer (64 bits) | 2.0.0 to 4.6.0 |
| pcapng | Major Version | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Minor Version | Unsigned integer (16 bits) | 2.0.0 to 4.6.0 |
| pcapng | Timestamp | Date and time | 2.0.0 to 4.6.0 |
| pcapng | Timestamp (High) | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Timestamp (Low) | Unsigned integer (32 bits) | 2.0.0 to 4.6.0 |
| pcapng | Expert Info | Label | 2.0.0 to 2.0.1 |
