Wireshark • Display Filter Reference: Remote Packet Capture

Display Filter Reference: Remote Packet Capture

Protocol field name: rpcap

Versions: 1.2.0 to 4.6.0

Field name	Description	Type	Versions
rpcap.addr	Address	Label	1.2.0 to 4.6.0
rpcap.auth	Authentication	Label	1.2.0 to 2.4.12, 2.6.0 to 2.6.6
rpcap.auth_len1	Authentication item length 1	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.auth_len2	Authentication item length 2	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.auth_maxvers	Maximum version number supported	Unsigned integer (8 bits)	2.4.13 to 2.4.16, 2.6.7 to 4.6.0
rpcap.auth_minvers	Minimum version number supported	Unsigned integer (8 bits)	2.4.13 to 2.4.16, 2.6.7 to 4.6.0
rpcap.auth_reply	Authentication reply	Label	2.4.13 to 2.4.16, 2.6.7 to 4.6.0
rpcap.auth_request	Authentication request	Label	2.4.13 to 2.4.16, 2.6.7 to 4.6.0
rpcap.auth_type	Authentication type	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.broadaddr	Broadcast	Label	1.2.0 to 4.6.0
rpcap.bufsize	Buffer size	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.cap_len	Capture length	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.caplen_too_big	Caplen is bigger than the remaining message length	Label	1.12.0 to 4.6.0
rpcap.client_port	Client Port	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.desclen	Description length	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.dstaddr	P2P destination address	Label	1.2.0 to 4.6.0
rpcap.dummy	Dummy	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.error	Error	Character string	1.2.0 to 4.6.0
rpcap.error.expert	Error	Label	1.12.0 to 4.6.0
rpcap.error_value	Error value	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.filter	Filter	Label	1.2.0 to 4.6.0
rpcap.filterbpf_insn	Filter BPF instruction	Label	1.2.0 to 4.6.0
rpcap.filtertype	Filter type	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.findalldevs_reply	Find all devices	Label	1.2.0 to 4.6.0
rpcap.flags	Flags	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.flags.dgram	Use Datagram	Boolean	1.2.0 to 4.6.0
rpcap.flags.inbound	Inbound	Boolean	1.2.0 to 4.6.0
rpcap.flags.outbound	Outbound	Boolean	1.2.0 to 4.6.0
rpcap.flags.promisc	Promiscuous mode	Boolean	1.2.0 to 4.6.0
rpcap.flags.serveropen	Server open	Boolean	1.2.0 to 4.6.0
rpcap.if	Interface	Label	1.2.0 to 4.6.0
rpcap.if.af	Address family	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.if.flags	Interface flags	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.if.flowinfo	Flow information	Unsigned integer (32 bits)	3.6.0 to 4.6.0
rpcap.if.ip	IP address	IPv4 address	1.2.0 to 3.4.16
rpcap.if.ipv4	IPv4 address	IPv4 address	3.6.0 to 4.6.0
rpcap.if.ipv6	IPv6 address	IPv6 address	3.6.0 to 4.6.0
rpcap.if.padding	Padding	Byte sequence	1.2.0 to 4.6.0
rpcap.if.port	Port	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.if.scopeid	Scope ID	Unsigned integer (32 bits)	3.6.0 to 4.6.0
rpcap.if.unknown	Unknown address	Byte sequence	1.2.0 to 4.6.0
rpcap.if_unknown	Unknown address family	Label	1.12.0 to 4.6.0
rpcap.ifaddr	Interface address	Label	1.2.0 to 4.6.0
rpcap.ifdesc	Description	Character string	1.2.0 to 4.6.0
rpcap.ifdrop	Dropped by network interface	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.ifname	Name	Character string	1.2.0 to 4.6.0
rpcap.ifrecv	Received by kernel filter	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.instr_value	Instruction value	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.jf	JF	Unsigned integer (8 bits)	1.2.0 to 4.6.0
rpcap.jt	JT	Unsigned integer (8 bits)	1.2.0 to 4.6.0
rpcap.krnldrop	Dropped by kernel filter	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.len	Payload length	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.linktype	Link type	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.naddr	Number of addresses	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.namelen	Name length	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.netmask	Netmask	Label	1.2.0 to 4.6.0
rpcap.nitems	Number of items	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.no_more_data	No more data in packet	Label	1.12.0 to 4.6.0
rpcap.number	Frame number	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.opcode	Op code	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.opcode.aluop	Op	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.class	Class	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.fields	Fields	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.jmpop	Op	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.miscop	Op	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.mode	Mode	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.rval	Rval	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.size	Size	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.opcode.src	Src	Unsigned integer (16 bits)	1.8.0 to 4.6.0
rpcap.open_reply	Open reply	Label	1.2.0 to 4.6.0
rpcap.open_request	Open request	Character string	1.2.0 to 4.6.0
rpcap.packet	Packet	Label	1.2.0 to 4.6.0
rpcap.password	Password	Character string	1.2.0 to 4.6.0
rpcap.read_timeout	Read timeout	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.sampling_method	Method	Unsigned integer (8 bits)	1.2.0 to 4.6.0
rpcap.sampling_request	Sampling	Label	1.2.0 to 4.6.0
rpcap.sampling_value	Value	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.server_port	Server port	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.snaplen	Snap length	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.srvcapt	Captured by rpcapd	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.startcap_reply	Start capture reply	Label	1.2.0 to 4.6.0
rpcap.startcap_request	Start capture request	Label	1.2.0 to 4.6.0
rpcap.stats_reply	Statistics	Label	1.2.0 to 4.6.0
rpcap.time	Arrival time	Date and time	1.2.0 to 4.6.0
rpcap.type	Message type	Unsigned integer (8 bits)	1.2.0 to 4.6.0
rpcap.tzoff	Timezone offset	Unsigned integer (32 bits)	1.2.0 to 4.6.0
rpcap.username	Username	Character string	1.2.0 to 4.6.0
rpcap.value	Message value	Unsigned integer (16 bits)	1.2.0 to 4.6.0
rpcap.version	Version	Unsigned integer (8 bits)	1.2.0 to 4.6.0