Display Filter Reference: SEBEK - Kernel Data Capture
Protocol field name: sebek
Versions: 1.0.0 to 3.2.7
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| sebek.cmd | Command Name | Character string | 1.0.0 to 3.2.7 |
| sebek.counter | Counter | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.data | Data | Character string | 1.0.0 to 3.2.7 |
| sebek.fd | File Descriptor | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.inode | Inode ID | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.len | Data Length | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.magic | Magic | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.pid | Process ID | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.ppid | Parent Process ID | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.socket.call | Socket.Call_id | Unsigned integer, 2 bytes | 1.0.0 to 3.2.7 |
| sebek.socket.dst_ip | Socket.remote_ip | IPv4 address | 1.0.0 to 3.2.7 |
| sebek.socket.dst_port | Socket.remote_port | Unsigned integer, 2 bytes | 1.0.0 to 3.2.7 |
| sebek.socket.ip_proto | Socket.ip_proto | Unsigned integer, 1 byte | 1.0.0 to 3.2.7 |
| sebek.socket.src_ip | Socket.local_ip | IPv4 address | 1.0.0 to 3.2.7 |
| sebek.socket.src_port | Socket.local_port | Unsigned integer, 2 bytes | 1.0.0 to 3.2.7 |
| sebek.time.sec | Time | Date and time | 1.0.0 to 3.2.7 |
| sebek.type | Type | Unsigned integer, 2 bytes | 1.0.0 to 3.2.7 |
| sebek.uid | User ID | Unsigned integer, 4 bytes | 1.0.0 to 3.2.7 |
| sebek.version | Version | Unsigned integer, 2 bytes | 1.0.0 to 3.2.7 |
Go Beyond with Riverbed Technology
I have a lot of traffic...
ANSWER: SteelCentral™ AppResponse 11
- • Full stack analysis – from packets to pages
- • Rich performance metrics & pre-defined insights for fast problem identification/resolution
- • Modular, flexible solution for deeply-analyzing network & application performance