Display Filter Reference: Internet Protocol Version 4

Protocol field name: ip

Versions: 1.0.0 to 2.4.2

Back to Display Filter Reference

Field name Description Type Versions
ip.addr Source or Destination Address IPv4 address 1.0.0 to 2.4.2
ip.bogus_ip_length Expert Info Label 1.12.0 to 2.4.2
ip.bogus_ip_version Expert Info Label 2.0.0 to 2.4.2
ip.checksum Header checksum Unsigned integer, 2 bytes 1.0.0 to 2.4.2
ip.checksum.status Header checksum status Unsigned integer, 1 byte 2.2.0 to 2.4.2
ip.checksum_bad Bad Boolean 1.0.0 to 2.0.16
ip.checksum_bad.expert Expert Info Label 1.12.0 to 2.4.2
ip.checksum_calculated Calculated Checksum Unsigned integer, 2 bytes 1.12.0 to 2.4.2
ip.checksum_good Good Boolean 1.0.0 to 2.0.16
ip.cipso.categories Categories Character string 2.0.0 to 2.4.2
ip.cipso.doi DOI Unsigned integer, 4 bytes 2.0.0 to 2.4.2
ip.cipso.malformed Expert Info Label 2.0.0 to 2.4.2
ip.cipso.sensitivity_level Sensitivity Level Unsigned integer, 1 byte 2.0.0 to 2.4.2
ip.cipso.tag_data Tag data Sequence of bytes 2.0.0 to 2.4.2
ip.cipso.tag_type Tag Type Unsigned integer, 1 byte 2.0.0 to 2.4.2
ip.cur_rt Current Route IPv4 address 1.8.0 to 2.4.2
ip.cur_rt_host Current Route Host Character string 1.8.0 to 2.4.2
ip.dsfield Differentiated Services Field Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.dsfield.ce ECN-CE Unsigned integer, 1 byte 1.0.0 to 1.4.15
ip.dsfield.dscp Differentiated Services Codepoint Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.dsfield.ecn Explicit Congestion Notification Unsigned integer, 1 byte 1.6.0 to 2.4.2
ip.dsfield.ect ECN-Capable Transport (ECT) Unsigned integer, 1 byte 1.0.0 to 1.4.15
ip.dst Destination IPv4 address 1.0.0 to 2.4.2
ip.dst_host Destination Host Character string 1.0.0 to 2.4.2
ip.empty_rt Empty Route IPv4 address 1.8.0 to 2.4.2
ip.empty_rt_host Empty Route Host Character string 1.8.0 to 2.4.2
ip.evil_packet Expert Info Label 1.12.0 to 2.4.2
ip.flags Flags Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.flags.df Don\'t fragment Boolean 1.0.0 to 2.4.2
ip.flags.mf More fragments Boolean 1.0.0 to 2.4.2
ip.flags.rb Reserved bit Boolean 1.0.0 to 2.4.2
ip.flags.sf Security flag Boolean 1.4.0 to 2.4.2
ip.frag_offset Fragment offset Unsigned integer, 2 bytes 1.0.0 to 2.4.2
ip.fragment IPv4 Fragment Frame number 1.0.0 to 2.4.2
ip.fragment.count Fragment count Unsigned integer, 4 bytes 1.6.0 to 2.4.2
ip.fragment.error Defragmentation error Frame number 1.0.0 to 2.4.2
ip.fragment.multipletails Multiple tail fragments found Boolean 1.0.0 to 2.4.2
ip.fragment.overlap Fragment overlap Boolean 1.0.0 to 2.4.2
ip.fragment.overlap.conflict Conflicting data in fragment overlap Boolean 1.0.0 to 2.4.2
ip.fragment.toolongfragment Fragment too long Boolean 1.0.0 to 2.4.2
ip.fragments IPv4 Fragments Sequence of bytes 1.0.0 to 2.4.2
ip.geoip.asnum Source or Destination GeoIP AS Number Character string 1.2.1 to 2.4.2
ip.geoip.city Source or Destination GeoIP City Character string 1.2.1 to 2.4.2
ip.geoip.country Source or Destination GeoIP Country Character string 1.2.1 to 2.4.2
ip.geoip.dst_asnum Destination GeoIP AS Number Character string 1.2.1 to 2.4.2
ip.geoip.dst_city Destination GeoIP City Character string 1.2.1 to 2.4.2
ip.geoip.dst_country Destination GeoIP Country Character string 1.2.1 to 2.4.2
ip.geoip.dst_isp Destination GeoIP ISP Character string 1.2.1 to 2.4.2
ip.geoip.dst_lat Destination GeoIP Latitude Floating point (double-precision) 1.2.1 to 2.4.2
ip.geoip.dst_lon Destination GeoIP Longitude Floating point (double-precision) 1.2.1 to 2.4.2
ip.geoip.dst_org Destination GeoIP Organization Character string 1.2.1 to 2.4.2
ip.geoip.isp Source or Destination GeoIP ISP Character string 1.2.1 to 2.4.2
ip.geoip.lat Source or Destination GeoIP Latitude Floating point (double-precision) 1.2.1 to 2.4.2
ip.geoip.lon Source or Destination GeoIP Longitude Floating point (double-precision) 1.2.1 to 2.4.2
ip.geoip.org Source or Destination GeoIP Organization Character string 1.2.1 to 2.4.2
ip.geoip.src_asnum Source GeoIP AS Number Character string 1.2.1 to 2.4.2
ip.geoip.src_city Source GeoIP City Character string 1.2.1 to 2.4.2
ip.geoip.src_country Source GeoIP Country Character string 1.2.1 to 2.4.2
ip.geoip.src_isp Source GeoIP ISP Character string 1.2.1 to 2.4.2
ip.geoip.src_lat Source GeoIP Latitude Floating point (double-precision) 1.2.1 to 2.4.2
ip.geoip.src_lon Source GeoIP Longitude Floating point (double-precision) 1.2.1 to 2.4.2
ip.geoip.src_org Source GeoIP Organization Character string 1.2.1 to 2.4.2
ip.hdr_len Header Length Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.host Source or Destination Host Character string 1.0.0 to 2.4.2
ip.id Identification Unsigned integer, 2 bytes 1.0.0 to 2.4.2
ip.len Total Length Unsigned integer, 2 bytes 1.0.0 to 2.4.2
ip.nop Expert Info Label 1.12.0 to 2.4.2
ip.opt.addr IP Address IPv4 address 1.8.0 to 2.4.2
ip.opt.ext_sec_add_sec_info Additional Security Info Sequence of bytes 1.8.0 to 2.4.2
ip.opt.ext_sec_add_sec_info_format_code Additional Security Info Format Code Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.flag Flag Unsigned integer, 1 byte 2.0.0 to 2.4.2
ip.opt.id_number ID Number Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.len Length Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.len.invalid Expert Info Label 1.12.0 to 2.4.2
ip.opt.mtu MTU Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.ohc Outbound Hop Count Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.originator Originator IP Address IPv4 address 1.8.0 to 2.4.2
ip.opt.overflow Overflow Unsigned integer, 1 byte 2.0.0 to 2.4.2
ip.opt.padding Padding Sequence of bytes 1.8.0 to 2.4.2
ip.opt.ptr Pointer Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.ptr.before_address Expert Info Label 1.12.0 to 2.4.2
ip.opt.ptr.middle_address Expert Info Label 1.12.0 to 2.4.2
ip.opt.qs_func Function Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.qs_nonce QS Nonce Unsigned integer, 4 bytes 1.8.0 to 2.4.2
ip.opt.qs_rate Rate Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.qs_reserved Reserved Unsigned integer, 4 bytes 1.8.0 to 2.4.2
ip.opt.qs_ttl QS TTL Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.qs_ttl_diff TTL Diff Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.qs_unused Not Used Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.ra Router Alert Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.rhc Return Hop Count Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.sec_cl Classification Level Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_doe DOE Boolean 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_flags Protection Authority Flags Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_fti Field Termination Indicator Boolean 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_genser GENSER Boolean 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_nsa NSA Boolean 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_sci SCI Boolean 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_siop_esi SIOP-ESI Boolean 1.8.0 to 2.4.2
ip.opt.sec_prot_auth_unassigned Unassigned Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.sec_rfc791_comp Compartments Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.sec_rfc791_hr Handling Restrictions Character string 1.8.0 to 2.4.2
ip.opt.sec_rfc791_sec Security Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.sec_rfc791_tcc Transmission Control Code Character string 1.8.0 to 2.4.2
ip.opt.sid Stream Identifier Unsigned integer, 2 bytes 1.8.0 to 2.4.2
ip.opt.time_stamp Time stamp Unsigned integer, 4 bytes 2.0.0 to 2.4.2
ip.opt.time_stamp_addr Address IPv4 address 2.0.0 to 2.4.2
ip.opt.type Type Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.type.class Class Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.opt.type.copy Copy on fragmentation Boolean 1.8.0 to 2.4.2
ip.opt.type.number Number Unsigned integer, 1 byte 1.8.0 to 2.4.2
ip.proto Protocol Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.reassembled.data Reassembled IPv4 data Sequence of bytes 1.10.0 to 2.4.2
ip.reassembled.length Reassembled IPv4 length Unsigned integer, 4 bytes 1.4.0 to 2.4.2
ip.reassembled_in Reassembled IPv4 in frame Frame number 1.0.0 to 2.4.2
ip.rec_rt Recorded Route IPv4 address 1.8.0 to 2.4.2
ip.rec_rt_host Recorded Route Host Character string 1.8.0 to 2.4.2
ip.src Source IPv4 address 1.0.0 to 2.4.2
ip.src_host Source Host Character string 1.0.0 to 2.4.2
ip.src_rt Source Route IPv4 address 1.8.0 to 2.4.2
ip.src_rt_host Source Route Host Character string 1.8.0 to 2.4.2
ip.subopt_too_long Expert Info Label 1.12.0 to 2.4.2
ip.tos Type of Service Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.tos.cost Cost Boolean 1.0.0 to 2.4.2
ip.tos.delay Delay Boolean 1.0.0 to 2.4.2
ip.tos.precedence Precedence Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.tos.reliability Reliability Boolean 1.0.0 to 2.4.2
ip.tos.throughput Throughput Boolean 1.0.0 to 2.4.2
ip.ttl Time to live Unsigned integer, 1 byte 1.0.0 to 2.4.2
ip.ttl.lncb Expert Info Label 1.12.0 to 2.4.2
ip.ttl.too_small Expert Info Label 1.12.0 to 2.4.2
ip.version Version Unsigned integer, 1 byte 1.0.0 to 2.4.2
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
  • • Fully integrated with Wireshark and AirPcap™
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance
  • • Troubleshoot problems faster
  • • Quickly identify the applications running on your network
  • • Monitor your virtual machine traffic
Learn More

I need to capture wireless traffic...

ANSWER: AirPcap™ 802.11 Packet Capture
  • • WLAN packet capture and transmission
  • • Full 802.11 a/b/g/n support
  • • View management, control and data frames
  • • Multi-channel aggregation (with multiple adapters)
Learn More Buy Now