Wireshark · Display Filter Reference: Linux Netfilter NFLOG

Display Filter Reference: Linux Netfilter NFLOG

Protocol field name: nflog

Versions: 1.8.0 to 3.4.0

Back to Display Filter Reference

Field name	Description	Type	Versions
nflog.encoding	Encoding	Unsigned integer, 4 bytes	1.8.0 to 1.10.14
nflog.family	Family	Unsigned integer, 1 byte	1.8.0 to 3.4.0
nflog.gid	GID	Signed integer, 4 bytes	1.8.0 to 3.4.0
nflog.hook	Netfilter hook	Unsigned integer, 1 byte	2.4.0 to 3.4.0
nflog.ifindex_indev	IFINDEX_INDEV	Unsigned integer, 4 bytes	2.4.0 to 3.4.0
nflog.ifindex_outdev	IFINDEX_OUTDEV	Unsigned integer, 4 bytes	2.4.0 to 3.4.0
nflog.ifindex_physindev	IFINDEX_PHYSINDEV	Unsigned integer, 4 bytes	2.4.0 to 3.4.0
nflog.ifindex_physoutdev	IFINDEX_PHYSOUTDEV	Unsigned integer, 4 bytes	2.4.0 to 3.4.0
nflog.prefix	Prefix	Character string	1.8.0 to 3.4.0
nflog.protocol	HW protocol	Unsigned integer, 2 bytes	2.4.0 to 3.4.0
nflog.res_id	Resource id	Unsigned integer, 2 bytes	1.8.0 to 3.4.0
nflog.timestamp	Timestamp	Date and time	1.8.0 to 3.4.0
nflog.tlv	TLV	Sequence of bytes	1.8.0 to 3.4.0
nflog.tlv_length	Length	Unsigned integer, 2 bytes	1.8.0 to 3.4.0
nflog.tlv_type	Type	Unsigned integer, 2 bytes	1.8.0 to 3.4.0
nflog.tlv_value	Value	Sequence of bytes	1.8.0 to 3.4.0
nflog.uid	UID	Signed integer, 4 bytes	1.8.0 to 3.4.0
nflog.version	Version	Unsigned integer, 1 byte	1.8.0 to 3.4.0

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11

• Full stack analysis – from packets to pages
• Rich performance metrics & pre-defined insights for fast problem identification/resolution
• Modular, flexible solution for deeply-analyzing network & application performance

Learn More