Display Filter Reference: Remote Packet Capture
Protocol field name: rpcap
Versions: 1.2.0 to 4.0.3
Back to Display Filter Reference
Field name | Description | Type | Versions |
---|---|---|---|
rpcap.addr | Address | Label | 1.2.0 to 4.0.3 |
rpcap.auth | Authentication | Label | 1.2.0 to 2.4.12, 2.6.0 to 2.6.6 |
rpcap.auth_len1 | Authentication item length 1 | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.auth_len2 | Authentication item length 2 | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.auth_maxvers | Maximum version number supported | Unsigned integer (1 byte) | 2.4.13 to 2.4.16, 2.6.7 to 4.0.3 |
rpcap.auth_minvers | Minimum version number supported | Unsigned integer (1 byte) | 2.4.13 to 2.4.16, 2.6.7 to 4.0.3 |
rpcap.auth_reply | Authentication reply | Label | 2.4.13 to 2.4.16, 2.6.7 to 4.0.3 |
rpcap.auth_request | Authentication request | Label | 2.4.13 to 2.4.16, 2.6.7 to 4.0.3 |
rpcap.auth_type | Authentication type | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.broadaddr | Broadcast | Label | 1.2.0 to 4.0.3 |
rpcap.bufsize | Buffer size | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.cap_len | Capture length | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.caplen_too_big | Caplen is bigger than the remaining message length | Label | 1.12.0 to 4.0.3 |
rpcap.client_port | Client Port | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.desclen | Description length | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.dstaddr | P2P destination address | Label | 1.2.0 to 4.0.3 |
rpcap.dummy | Dummy | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.error | Error | Character string | 1.2.0 to 4.0.3 |
rpcap.error.expert | Error | Label | 1.12.0 to 4.0.3 |
rpcap.error_value | Error value | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.filter | Filter | Label | 1.2.0 to 4.0.3 |
rpcap.filterbpf_insn | Filter BPF instruction | Label | 1.2.0 to 4.0.3 |
rpcap.filtertype | Filter type | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.findalldevs_reply | Find all devices | Label | 1.2.0 to 4.0.3 |
rpcap.flags | Flags | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.flags.dgram | Use Datagram | Boolean | 1.2.0 to 4.0.3 |
rpcap.flags.inbound | Inbound | Boolean | 1.2.0 to 4.0.3 |
rpcap.flags.outbound | Outbound | Boolean | 1.2.0 to 4.0.3 |
rpcap.flags.promisc | Promiscuous mode | Boolean | 1.2.0 to 4.0.3 |
rpcap.flags.serveropen | Server open | Boolean | 1.2.0 to 4.0.3 |
rpcap.if | Interface | Label | 1.2.0 to 4.0.3 |
rpcap.if.af | Address family | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.if.flags | Interface flags | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.if.flowinfo | Flow information | Unsigned integer (4 bytes) | 3.6.0 to 4.0.3 |
rpcap.if.ip | IP address | IPv4 address | 1.2.0 to 3.4.16 |
rpcap.if.ipv4 | IPv4 address | IPv4 address | 3.6.0 to 4.0.3 |
rpcap.if.ipv6 | IPv6 address | IPv6 address | 3.6.0 to 4.0.3 |
rpcap.if.padding | Padding | Byte sequence | 1.2.0 to 4.0.3 |
rpcap.if.port | Port | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.if.scopeid | Scope ID | Unsigned integer (4 bytes) | 3.6.0 to 4.0.3 |
rpcap.if.unknown | Unknown address | Byte sequence | 1.2.0 to 4.0.3 |
rpcap.if_unknown | Unknown address family | Label | 1.12.0 to 4.0.3 |
rpcap.ifaddr | Interface address | Label | 1.2.0 to 4.0.3 |
rpcap.ifdesc | Description | Character string | 1.2.0 to 4.0.3 |
rpcap.ifdrop | Dropped by network interface | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.ifname | Name | Character string | 1.2.0 to 4.0.3 |
rpcap.ifrecv | Received by kernel filter | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.instr_value | Instruction value | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.jf | JF | Unsigned integer (1 byte) | 1.2.0 to 4.0.3 |
rpcap.jt | JT | Unsigned integer (1 byte) | 1.2.0 to 4.0.3 |
rpcap.krnldrop | Dropped by kernel filter | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.len | Payload length | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.linktype | Link type | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.naddr | Number of addresses | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.namelen | Name length | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.netmask | Netmask | Label | 1.2.0 to 4.0.3 |
rpcap.nitems | Number of items | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.no_more_data | No more data in packet | Label | 1.12.0 to 4.0.3 |
rpcap.number | Frame number | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.opcode | Op code | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.opcode.aluop | Op | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.class | Class | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.fields | Fields | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.jmpop | Op | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.miscop | Op | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.mode | Mode | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.rval | Rval | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.size | Size | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.opcode.src | Src | Unsigned integer (2 bytes) | 1.8.0 to 4.0.3 |
rpcap.open_reply | Open reply | Label | 1.2.0 to 4.0.3 |
rpcap.open_request | Open request | Character string | 1.2.0 to 4.0.3 |
rpcap.packet | Packet | Label | 1.2.0 to 4.0.3 |
rpcap.password | Password | Character string | 1.2.0 to 4.0.3 |
rpcap.read_timeout | Read timeout | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.sampling_method | Method | Unsigned integer (1 byte) | 1.2.0 to 4.0.3 |
rpcap.sampling_request | Sampling | Label | 1.2.0 to 4.0.3 |
rpcap.sampling_value | Value | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.server_port | Server port | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.snaplen | Snap length | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.srvcapt | Captured by rpcapd | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.startcap_reply | Start capture reply | Label | 1.2.0 to 4.0.3 |
rpcap.startcap_request | Start capture request | Label | 1.2.0 to 4.0.3 |
rpcap.stats_reply | Statistics | Label | 1.2.0 to 4.0.3 |
rpcap.time | Arrival time | Date and time | 1.2.0 to 4.0.3 |
rpcap.type | Message type | Unsigned integer (1 byte) | 1.2.0 to 4.0.3 |
rpcap.tzoff | Timezone offset | Unsigned integer (4 bytes) | 1.2.0 to 4.0.3 |
rpcap.username | Username | Character string | 1.2.0 to 4.0.3 |
rpcap.value | Message value | Unsigned integer (2 bytes) | 1.2.0 to 4.0.3 |
rpcap.version | Version | Unsigned integer (1 byte) | 1.2.0 to 4.0.3 |