Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Display Filter Reference: SEBEK - Kernel Data Capture

Protocol field name: sebek

Versions: 1.0.0 to 4.2.4

Back to Display Filter Reference

Field name Description Type Versions
sebek.cmdCommand NameCharacter string1.0.0 to 4.2.4
sebek.counterCounterUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.dataDataCharacter string1.0.0 to 4.2.4
sebek.fdFile DescriptorUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.inodeInode IDUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.lenData LengthUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.magicMagicUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.pidProcess IDUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.ppidParent Process IDUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.socket.callSocket.Call_idUnsigned integer (16 bits)1.0.0 to 4.2.4
sebek.socket.dst_ipSocket.remote_ipIPv4 address1.0.0 to 4.2.4
sebek.socket.dst_portSocket.remote_portUnsigned integer (16 bits)1.0.0 to 4.2.4
sebek.socket.ip_protoSocket.ip_protoUnsigned integer (8 bits)1.0.0 to 4.2.4
sebek.socket.src_ipSocket.local_ipIPv4 address1.0.0 to 4.2.4
sebek.socket.src_portSocket.local_portUnsigned integer (16 bits)1.0.0 to 4.2.4
sebek.time.secTimeDate and time1.0.0 to 4.2.4
sebek.typeTypeUnsigned integer (16 bits)1.0.0 to 4.2.4
sebek.uidUser IDUnsigned integer (32 bits)1.0.0 to 4.2.4
sebek.versionVersionUnsigned integer (16 bits)1.0.0 to 4.2.4

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube