Display Filter Reference: Linux Netfilter NFLOG

Protocol field name: nflog

Versions: 1.8.0 to 2.6.1

| Field name | Description | Type | Versions |
|---|---|---|---|
| nflog.encoding | Encoding | Unsigned integer, 4 bytes | 1.8.0 to 1.10.14 |
| nflog.family | Family | Unsigned integer, 1 byte | 1.8.0 to 2.6.1 |
| nflog.gid | GID | Signed integer, 4 bytes | 1.8.0 to 2.6.1 |
| nflog.hook | Netfilter hook | Unsigned integer, 1 byte | 2.4.0 to 2.6.1 |
| nflog.ifindex_indev | IFINDEX_INDEV | Unsigned integer, 4 bytes | 2.4.0 to 2.6.1 |
| nflog.ifindex_outdev | IFINDEX_OUTDEV | Unsigned integer, 4 bytes | 2.4.0 to 2.6.1 |
| nflog.ifindex_physindev | IFINDEX_PHYSINDEV | Unsigned integer, 4 bytes | 2.4.0 to 2.6.1 |
| nflog.ifindex_physoutdev | IFINDEX_PHYSOUTDEV | Unsigned integer, 4 bytes | 2.4.0 to 2.6.1 |
| nflog.prefix | Prefix | Character string | 1.8.0 to 2.6.1 |
| nflog.protocol | HW protocol | Unsigned integer, 2 bytes | 2.4.0 to 2.6.1 |
| nflog.res_id | Resource id | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| nflog.timestamp | Timestamp | Date and time | 1.8.0 to 2.6.1 |
| nflog.tlv | TLV | Sequence of bytes | 1.8.0 to 2.6.1 |
| nflog.tlv_length | Length | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| nflog.tlv_type | Type | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| nflog.tlv_value | Value | Sequence of bytes | 1.8.0 to 2.6.1 |
| nflog.uid | UID | Signed integer, 4 bytes | 1.8.0 to 2.6.1 |
| nflog.version | Version | Unsigned integer, 1 byte | 1.8.0 to 2.6.1 |