Display Filter Reference: Remote Packet Capture
Protocol field name: rpcap
Versions: 1.2.0 to 2.6.1
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| rpcap.addr | Address | Label | 1.2.0 to 2.6.1 |
| rpcap.auth | Authentication | Label | 1.2.0 to 2.6.1 |
| rpcap.auth_len1 | Authentication item length 1 | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.auth_len2 | Authentication item length 2 | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.auth_type | Authentication type | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.broadaddr | Broadcast | Label | 1.2.0 to 2.6.1 |
| rpcap.bufsize | Buffer size | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.cap_len | Capture length | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.caplen_too_big | Caplen is bigger than the remaining message length | Label | 1.12.0 to 2.6.1 |
| rpcap.client_port | Client Port | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.desclen | Description length | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.dstaddr | P2P destination address | Label | 1.2.0 to 2.6.1 |
| rpcap.dummy | Dummy | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.error | Error | Character string | 1.2.0 to 2.6.1 |
| rpcap.error.expert | Error | Label | 1.12.0 to 2.6.1 |
| rpcap.error_value | Error value | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.filter | Filter | Label | 1.2.0 to 2.6.1 |
| rpcap.filterbpf_insn | Filter BPF instruction | Label | 1.2.0 to 2.6.1 |
| rpcap.filtertype | Filter type | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.findalldevs_reply | Find all devices | Label | 1.2.0 to 2.6.1 |
| rpcap.flags | Flags | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.flags.dgram | Use Datagram | Boolean | 1.2.0 to 2.6.1 |
| rpcap.flags.inbound | Inbound | Boolean | 1.2.0 to 2.6.1 |
| rpcap.flags.outbound | Outbound | Boolean | 1.2.0 to 2.6.1 |
| rpcap.flags.promisc | Promiscuous mode | Boolean | 1.2.0 to 2.6.1 |
| rpcap.flags.serveropen | Server open | Boolean | 1.2.0 to 2.6.1 |
| rpcap.if | Interface | Label | 1.2.0 to 2.6.1 |
| rpcap.if.af | Address family | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.if.flags | Interface flags | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.if.ip | IP address | IPv4 address | 1.2.0 to 2.6.1 |
| rpcap.if.padding | Padding | Sequence of bytes | 1.2.0 to 2.6.1 |
| rpcap.if.port | Port | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.if.unknown | Unknown address | Sequence of bytes | 1.2.0 to 2.6.1 |
| rpcap.if_unknown | Unknown address family | Label | 1.12.0 to 2.6.1 |
| rpcap.ifaddr | Interface address | Label | 1.2.0 to 2.6.1 |
| rpcap.ifdesc | Description | Character string | 1.2.0 to 2.6.1 |
| rpcap.ifdrop | Dropped by network interface | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.ifname | Name | Character string | 1.2.0 to 2.6.1 |
| rpcap.ifrecv | Received by kernel filter | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.instr_value | Instruction value | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.jf | JF | Unsigned integer, 1 byte | 1.2.0 to 2.6.1 |
| rpcap.jt | JT | Unsigned integer, 1 byte | 1.2.0 to 2.6.1 |
| rpcap.krnldrop | Dropped by kernel filter | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.len | Payload length | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.linktype | Link type | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.naddr | Number of addresses | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.namelen | Name length | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.netmask | Netmask | Label | 1.2.0 to 2.6.1 |
| rpcap.nitems | Number of items | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.no_more_data | No more data in packet | Label | 1.12.0 to 2.6.1 |
| rpcap.number | Frame number | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.opcode | Op code | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.opcode.aluop | Op | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.class | Class | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.fields | Fields | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.jmpop | Op | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.miscop | Op | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.mode | Mode | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.rval | Rval | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.size | Size | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.opcode.src | Src | Unsigned integer, 2 bytes | 1.8.0 to 2.6.1 |
| rpcap.open_reply | Open reply | Label | 1.2.0 to 2.6.1 |
| rpcap.open_request | Open request | Character string | 1.2.0 to 2.6.1 |
| rpcap.packet | Packet | Label | 1.2.0 to 2.6.1 |
| rpcap.password | Password | Character string | 1.2.0 to 2.6.1 |
| rpcap.read_timeout | Read timeout | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.sampling_method | Method | Unsigned integer, 1 byte | 1.2.0 to 2.6.1 |
| rpcap.sampling_request | Sampling | Label | 1.2.0 to 2.6.1 |
| rpcap.sampling_value | Value | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.server_port | Server port | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.snaplen | Snap length | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.srvcapt | Captured by rpcapd | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.startcap_reply | Start capture reply | Label | 1.2.0 to 2.6.1 |
| rpcap.startcap_request | Start capture request | Label | 1.2.0 to 2.6.1 |
| rpcap.stats_reply | Statistics | Label | 1.2.0 to 2.6.1 |
| rpcap.time | Arrival time | Date and time | 1.2.0 to 2.6.1 |
| rpcap.type | Message type | Unsigned integer, 1 byte | 1.2.0 to 2.6.1 |
| rpcap.tzoff | Timezone offset | Unsigned integer, 4 bytes | 1.2.0 to 2.6.1 |
| rpcap.username | Username | Character string | 1.2.0 to 2.6.1 |
| rpcap.value | Message value | Unsigned integer, 2 bytes | 1.2.0 to 2.6.1 |
| rpcap.version | Version | Unsigned integer, 1 byte | 1.2.0 to 2.6.1 |
Go Beyond with Riverbed Technology
I have a lot of traffic...
ANSWER: SteelCentral™ Packet Analyzer PE
- • Visually rich, powerful LAN analyzer
- • Quickly access very large pcap files
- • Professional, customizable reports
- • Advanced triggers and alerts
No, really, I have a LOT of traffic…
ANSWER: SteelCentral™ NetShark appliance
- • Troubleshoot problems faster
- • Quickly identify the applications running on your network
- • Monitor your virtual machine traffic