Display Filter Reference: Remote Packet Capture

Protocol field name: rpcap

Versions: 1.2.0 to 2.6.3

Back to Display Filter Reference

Field name Description Type Versions
rpcap.addr Address Label 1.2.0 to 2.6.3
rpcap.auth Authentication Label 1.2.0 to 2.6.3
rpcap.auth_len1 Authentication item length 1 Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.auth_len2 Authentication item length 2 Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.auth_type Authentication type Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.broadaddr Broadcast Label 1.2.0 to 2.6.3
rpcap.bufsize Buffer size Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.cap_len Capture length Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.caplen_too_big Caplen is bigger than the remaining message length Label 1.12.0 to 2.6.3
rpcap.client_port Client Port Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.desclen Description length Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.dstaddr P2P destination address Label 1.2.0 to 2.6.3
rpcap.dummy Dummy Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.error Error Character string 1.2.0 to 2.6.3
rpcap.error.expert Error Label 1.12.0 to 2.6.3
rpcap.error_value Error value Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.filter Filter Label 1.2.0 to 2.6.3
rpcap.filterbpf_insn Filter BPF instruction Label 1.2.0 to 2.6.3
rpcap.filtertype Filter type Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.findalldevs_reply Find all devices Label 1.2.0 to 2.6.3
rpcap.flags Flags Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.flags.dgram Use Datagram Boolean 1.2.0 to 2.6.3
rpcap.flags.inbound Inbound Boolean 1.2.0 to 2.6.3
rpcap.flags.outbound Outbound Boolean 1.2.0 to 2.6.3
rpcap.flags.promisc Promiscuous mode Boolean 1.2.0 to 2.6.3
rpcap.flags.serveropen Server open Boolean 1.2.0 to 2.6.3
rpcap.if Interface Label 1.2.0 to 2.6.3
rpcap.if.af Address family Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.if.flags Interface flags Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.if.ip IP address IPv4 address 1.2.0 to 2.6.3
rpcap.if.padding Padding Sequence of bytes 1.2.0 to 2.6.3
rpcap.if.port Port Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.if.unknown Unknown address Sequence of bytes 1.2.0 to 2.6.3
rpcap.if_unknown Unknown address family Label 1.12.0 to 2.6.3
rpcap.ifaddr Interface address Label 1.2.0 to 2.6.3
rpcap.ifdesc Description Character string 1.2.0 to 2.6.3
rpcap.ifdrop Dropped by network interface Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.ifname Name Character string 1.2.0 to 2.6.3
rpcap.ifrecv Received by kernel filter Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.instr_value Instruction value Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.jf JF Unsigned integer, 1 byte 1.2.0 to 2.6.3
rpcap.jt JT Unsigned integer, 1 byte 1.2.0 to 2.6.3
rpcap.krnldrop Dropped by kernel filter Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.len Payload length Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.linktype Link type Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.naddr Number of addresses Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.namelen Name length Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.netmask Netmask Label 1.2.0 to 2.6.3
rpcap.nitems Number of items Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.no_more_data No more data in packet Label 1.12.0 to 2.6.3
rpcap.number Frame number Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.opcode Op code Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.opcode.aluop Op Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.class Class Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.fields Fields Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.jmpop Op Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.miscop Op Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.mode Mode Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.rval Rval Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.size Size Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.opcode.src Src Unsigned integer, 2 bytes 1.8.0 to 2.6.3
rpcap.open_reply Open reply Label 1.2.0 to 2.6.3
rpcap.open_request Open request Character string 1.2.0 to 2.6.3
rpcap.packet Packet Label 1.2.0 to 2.6.3
rpcap.password Password Character string 1.2.0 to 2.6.3
rpcap.read_timeout Read timeout Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.sampling_method Method Unsigned integer, 1 byte 1.2.0 to 2.6.3
rpcap.sampling_request Sampling Label 1.2.0 to 2.6.3
rpcap.sampling_value Value Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.server_port Server port Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.snaplen Snap length Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.srvcapt Captured by rpcapd Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.startcap_reply Start capture reply Label 1.2.0 to 2.6.3
rpcap.startcap_request Start capture request Label 1.2.0 to 2.6.3
rpcap.stats_reply Statistics Label 1.2.0 to 2.6.3
rpcap.time Arrival time Date and time 1.2.0 to 2.6.3
rpcap.type Message type Unsigned integer, 1 byte 1.2.0 to 2.6.3
rpcap.tzoff Timezone offset Unsigned integer, 4 bytes 1.2.0 to 2.6.3
rpcap.username Username Character string 1.2.0 to 2.6.3
rpcap.value Message value Unsigned integer, 2 bytes 1.2.0 to 2.6.3
rpcap.version Version Unsigned integer, 1 byte 1.2.0 to 2.6.3
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More