Wireshark · Display Filter Reference: Linux Netfilter NFLOG

Display Filter Reference: Linux Netfilter NFLOG

Protocol field name: nflog

Versions: 1.8.0 to 2.6.1

Back to Display Filter Reference

Field name	Description	Type	Versions
nflog.encoding	Encoding	Unsigned integer, 4 bytes	1.8.0 to 1.10.14
nflog.family	Family	Unsigned integer, 1 byte	1.8.0 to 2.6.1
nflog.gid	GID	Signed integer, 4 bytes	1.8.0 to 2.6.1
nflog.hook	Netfilter hook	Unsigned integer, 1 byte	2.4.0 to 2.6.1
nflog.ifindex_indev	IFINDEX_INDEV	Unsigned integer, 4 bytes	2.4.0 to 2.6.1
nflog.ifindex_outdev	IFINDEX_OUTDEV	Unsigned integer, 4 bytes	2.4.0 to 2.6.1
nflog.ifindex_physindev	IFINDEX_PHYSINDEV	Unsigned integer, 4 bytes	2.4.0 to 2.6.1
nflog.ifindex_physoutdev	IFINDEX_PHYSOUTDEV	Unsigned integer, 4 bytes	2.4.0 to 2.6.1
nflog.prefix	Prefix	Character string	1.8.0 to 2.6.1
nflog.protocol	HW protocol	Unsigned integer, 2 bytes	2.4.0 to 2.6.1
nflog.res_id	Resource id	Unsigned integer, 2 bytes	1.8.0 to 2.6.1
nflog.timestamp	Timestamp	Date and time	1.8.0 to 2.6.1
nflog.tlv	TLV	Sequence of bytes	1.8.0 to 2.6.1
nflog.tlv_length	Length	Unsigned integer, 2 bytes	1.8.0 to 2.6.1
nflog.tlv_type	Type	Unsigned integer, 2 bytes	1.8.0 to 2.6.1
nflog.tlv_value	Value	Sequence of bytes	1.8.0 to 2.6.1
nflog.uid	UID	Signed integer, 4 bytes	1.8.0 to 2.6.1
nflog.version	Version	Unsigned integer, 1 byte	1.8.0 to 2.6.1

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE

• Visually rich, powerful LAN analyzer
• Quickly access very large pcap files
• Professional, customizable reports
• Advanced triggers and alerts

Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance

• Troubleshoot problems faster
• Quickly identify the applications running on your network
• Monitor your virtual machine traffic

Learn More