Display Filter Reference: SEBEK - Kernel Data Capture
Protocol field name: sebek
Versions: 1.0.0 to 3.6.8
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| sebek.cmd | Command Name | Character string | 1.0.0 to 3.6.8 |
| sebek.counter | Counter | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.data | Data | Character string | 1.0.0 to 3.6.8 |
| sebek.fd | File Descriptor | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.inode | Inode ID | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.len | Data Length | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.magic | Magic | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.pid | Process ID | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.ppid | Parent Process ID | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.socket.call | Socket.Call_id | Unsigned integer (2 bytes) | 1.0.0 to 3.6.8 |
| sebek.socket.dst_ip | Socket.remote_ip | IPv4 address | 1.0.0 to 3.6.8 |
| sebek.socket.dst_port | Socket.remote_port | Unsigned integer (2 bytes) | 1.0.0 to 3.6.8 |
| sebek.socket.ip_proto | Socket.ip_proto | Unsigned integer (1 byte) | 1.0.0 to 3.6.8 |
| sebek.socket.src_ip | Socket.local_ip | IPv4 address | 1.0.0 to 3.6.8 |
| sebek.socket.src_port | Socket.local_port | Unsigned integer (2 bytes) | 1.0.0 to 3.6.8 |
| sebek.time.sec | Time | Date and time | 1.0.0 to 3.6.8 |
| sebek.type | Type | Unsigned integer (2 bytes) | 1.0.0 to 3.6.8 |
| sebek.uid | User ID | Unsigned integer (4 bytes) | 1.0.0 to 3.6.8 |
| sebek.version | Version | Unsigned integer (2 bytes) | 1.0.0 to 3.6.8 |