Wireshark · Display Filter Reference: Linux Netfilter NFLOG

Display Filter Reference: Linux Netfilter NFLOG

Protocol field name: nflog

Versions: 1.8.0 to 4.0.3

Field name	Description	Type	Versions
nflog.encoding	Encoding	Unsigned integer (4 bytes)	1.8.0 to 1.10.14
nflog.family	Family	Unsigned integer (1 byte)	1.8.0 to 4.0.3
nflog.gid	GID	Signed integer (4 bytes)	1.8.0 to 4.0.3
nflog.hook	Netfilter hook	Unsigned integer (1 byte)	2.4.0 to 4.0.3
nflog.ifindex_indev	IFINDEX_INDEV	Unsigned integer (4 bytes)	2.4.0 to 4.0.3
nflog.ifindex_outdev	IFINDEX_OUTDEV	Unsigned integer (4 bytes)	2.4.0 to 4.0.3
nflog.ifindex_physindev	IFINDEX_PHYSINDEV	Unsigned integer (4 bytes)	2.4.0 to 4.0.3
nflog.ifindex_physoutdev	IFINDEX_PHYSOUTDEV	Unsigned integer (4 bytes)	2.4.0 to 4.0.3
nflog.prefix	Prefix	Character string	1.8.0 to 4.0.3
nflog.protocol	HW protocol	Unsigned integer (2 bytes)	2.4.0 to 4.0.3
nflog.res_id	Resource id	Unsigned integer (2 bytes)	1.8.0 to 4.0.3
nflog.timestamp	Timestamp	Date and time	1.8.0 to 4.0.3
nflog.tlv	TLV	Byte sequence	1.8.0 to 4.0.3
nflog.tlv_length	Length	Unsigned integer (2 bytes)	1.8.0 to 4.0.3
nflog.tlv_type	Type	Unsigned integer (2 bytes)	1.8.0 to 4.0.3
nflog.tlv_value	Value	Byte sequence	1.8.0 to 4.0.3
nflog.uid	UID	Signed integer (4 bytes)	1.8.0 to 4.0.3
nflog.version	Version	Unsigned integer (1 byte)	1.8.0 to 4.0.3