Display Filter Reference: PCAP File Format

Protocol field name: file-pcap

Versions: 2.0.0 to 4.2.5

| Field name | Description | Type | Versions |
|---|---|---|---|
| pcap.capt_len_larger_than_orig_len | captured length is larger than original length | Label | 4.2.0 to 4.2.5 |
| pcap.capt_len_larger_than_snap_len | captured length is larger than snapshot length | Label | 4.2.0 to 4.2.5 |
| pcap.header | Header | Label | 2.0.0 to 4.2.5 |
| pcap.header.magic_bytes | Magic Bytes | Unsigned integer (32 bits) | 2.0.0 to 2.0.1 |
| pcap.header.magic_number | Magic Number | Byte sequence | 2.0.2 to 4.2.5 |
| pcap.header.sigfigs | Sigfigs | Unsigned integer (32 bits) | 2.0.0 to 4.2.5 |
| pcap.header.snapshot_length | Snapshot Length | Unsigned integer (32 bits) | 2.0.0 to 4.2.5 |
| pcap.header.this_zone | This Zone | Signed integer (32 bits) | 2.0.0 to 4.2.5 |
| pcap.header.version.major | Version Major | Unsigned integer (16 bits) | 2.0.0 to 4.2.5 |
| pcap.header.version.minor | Version Minor | Unsigned integer (16 bits) | 2.0.0 to 4.2.5 |
| pcap.inc_len_larger_than_orig_len | included length is larger than original length | Label | 3.0.0 to 4.0.15 |
| pcap.inc_len_larger_than_snap_len | included length is larger than snapshot length | Label | 3.0.0 to 4.0.15 |
| pcap.packet | Packet | Label | 2.0.0 to 4.2.5 |
| pcap.packet.captured_length | Captured Packet Length | Unsigned integer (32 bits) | 4.2.0 to 4.2.5 |
| pcap.packet.data | Data | Label | 2.0.0 to 4.2.5 to 2.0.16 to 2.0.16 integer (32 bits)2.0.0 to 2.0.16 |
| pcap.packet.included_length | Included Length | Unsigned integer (32 bits) | 2.0.0 to 4.0.15 |
| pcap.packet.origin_length | Origin Length | Unsigned integer (32 bits) | 2.0.0 to 4.0.15 |
| pcap.packet.original_length | Original Packet Length | Unsigned integer (32 bits) | 4.2.0 to 4.2.5 |
| pcap.packet.timestamp | Timestamp | Date and time | 2.0.0 to 4.2.5 |
| pcap.packet.timestamp.sec | Timestamp sec | Unsigned integer (32 bits) | 2.0.0 to 4.2.5 |
| pcap.packet.timestamp.usec | Timestamp usec | Unsigned integer (32 bits) | 2.0.0 to 4.2.5 |
| pcap.unknown_encoding | Expert Info | Label | 2.0.0 to 2.0.1 |