Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Display Filter Reference: Remote Packet Capture

Protocol field name: rpcap

Versions: 1.2.0 to 4.2.4

Back to Display Filter Reference

Field name Description Type Versions
rpcap.addrAddressLabel1.2.0 to 4.2.4
rpcap.authAuthenticationLabel1.2.0 to 2.4.12, 2.6.0 to 2.6.6
rpcap.auth_len1Authentication item length 1Unsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.auth_len2Authentication item length 2Unsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.auth_maxversMaximum version number supportedUnsigned integer (8 bits)2.4.13 to 2.4.16, 2.6.7 to 4.2.4
rpcap.auth_minversMinimum version number supportedUnsigned integer (8 bits)2.4.13 to 2.4.16, 2.6.7 to 4.2.4
rpcap.auth_replyAuthentication replyLabel2.4.13 to 2.4.16, 2.6.7 to 4.2.4
rpcap.auth_requestAuthentication requestLabel2.4.13 to 2.4.16, 2.6.7 to 4.2.4
rpcap.auth_typeAuthentication typeUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.broadaddrBroadcastLabel1.2.0 to 4.2.4
rpcap.bufsizeBuffer sizeUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.cap_lenCapture lengthUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.caplen_too_bigCaplen is bigger than the remaining message lengthLabel1.12.0 to 4.2.4
rpcap.client_portClient PortUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.desclenDescription lengthUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.dstaddrP2P destination addressLabel1.2.0 to 4.2.4
rpcap.dummyDummyUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.errorErrorCharacter string1.2.0 to 4.2.4
rpcap.error.expertErrorLabel1.12.0 to 4.2.4
rpcap.error_valueError valueUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.filterFilterLabel1.2.0 to 4.2.4
rpcap.filterbpf_insnFilter BPF instructionLabel1.2.0 to 4.2.4
rpcap.filtertypeFilter typeUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.findalldevs_replyFind all devicesLabel1.2.0 to 4.2.4
rpcap.flagsFlagsUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.flags.dgramUse DatagramBoolean1.2.0 to 4.2.4
rpcap.flags.inboundInboundBoolean1.2.0 to 4.2.4
rpcap.flags.outboundOutboundBoolean1.2.0 to 4.2.4
rpcap.flags.promiscPromiscuous modeBoolean1.2.0 to 4.2.4
rpcap.flags.serveropenServer openBoolean1.2.0 to 4.2.4
rpcap.ifInterfaceLabel1.2.0 to 4.2.4
rpcap.if.afAddress familyUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.if.flagsInterface flagsUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.if.flowinfoFlow informationUnsigned integer (32 bits)3.6.0 to 4.2.4
rpcap.if.ipIP addressIPv4 address1.2.0 to 3.4.16
rpcap.if.ipv4IPv4 addressIPv4 address3.6.0 to 4.2.4
rpcap.if.ipv6IPv6 addressIPv6 address3.6.0 to 4.2.4
rpcap.if.paddingPaddingByte sequence1.2.0 to 4.2.4
rpcap.if.portPortUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.if.scopeidScope IDUnsigned integer (32 bits)3.6.0 to 4.2.4
rpcap.if.unknownUnknown addressByte sequence1.2.0 to 4.2.4
rpcap.if_unknownUnknown address familyLabel1.12.0 to 4.2.4
rpcap.ifaddrInterface addressLabel1.2.0 to 4.2.4
rpcap.ifdescDescriptionCharacter string1.2.0 to 4.2.4
rpcap.ifdropDropped by network interfaceUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.ifnameNameCharacter string1.2.0 to 4.2.4
rpcap.ifrecvReceived by kernel filterUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.instr_valueInstruction valueUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.jfJFUnsigned integer (8 bits)1.2.0 to 4.2.4
rpcap.jtJTUnsigned integer (8 bits)1.2.0 to 4.2.4
rpcap.krnldropDropped by kernel filterUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.lenPayload lengthUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.linktypeLink typeUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.naddrNumber of addressesUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.namelenName lengthUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.netmaskNetmaskLabel1.2.0 to 4.2.4
rpcap.nitemsNumber of itemsUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.no_more_dataNo more data in packetLabel1.12.0 to 4.2.4
rpcap.numberFrame numberUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.opcodeOp codeUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.opcode.aluopOpUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.classClassUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.fieldsFieldsUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.jmpopOpUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.miscopOpUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.modeModeUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.rvalRvalUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.sizeSizeUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.opcode.srcSrcUnsigned integer (16 bits)1.8.0 to 4.2.4
rpcap.open_replyOpen replyLabel1.2.0 to 4.2.4
rpcap.open_requestOpen requestCharacter string1.2.0 to 4.2.4
rpcap.packetPacketLabel1.2.0 to 4.2.4
rpcap.passwordPasswordCharacter string1.2.0 to 4.2.4
rpcap.read_timeoutRead timeoutUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.sampling_methodMethodUnsigned integer (8 bits)1.2.0 to 4.2.4
rpcap.sampling_requestSamplingLabel1.2.0 to 4.2.4
rpcap.sampling_valueValueUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.server_portServer portUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.snaplenSnap lengthUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.srvcaptCaptured by rpcapdUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.startcap_replyStart capture replyLabel1.2.0 to 4.2.4
rpcap.startcap_requestStart capture requestLabel1.2.0 to 4.2.4
rpcap.stats_replyStatisticsLabel1.2.0 to 4.2.4
rpcap.timeArrival timeDate and time1.2.0 to 4.2.4
rpcap.typeMessage typeUnsigned integer (8 bits)1.2.0 to 4.2.4
rpcap.tzoffTimezone offsetUnsigned integer (32 bits)1.2.0 to 4.2.4
rpcap.usernameUsernameCharacter string1.2.0 to 4.2.4
rpcap.valueMessage valueUnsigned integer (16 bits)1.2.0 to 4.2.4
rpcap.versionVersionUnsigned integer (8 bits)1.2.0 to 4.2.4

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube