Партнёры:
Хостинг:
Tethereal - Dump and analyze network trafficSYNOPSYS
tethereal [ -c count ] [ -D ] [ -f filter expression ] [ -F file format ] [ -h ] [ -i interface ] [ -n ] [ -r infile ] [ -R filter expression ] [ -s snaplen ] [ -t time stamp format ] [ -v ] [ -V ] [ -w savefile ] [ -x ] [ filter expression ]DESCRIPTION
Tethereal is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. Tethereal knows how to read libpcap capture files, including those of tcpdump. In addition, Tethereal can read capture files from snoop (including Shomiti) and atmsnoop, LanAlyzer, Sniffer (compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray, Sniffer Pro, RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, HP-UX's nettl, the dump output from Toshiba's ISDN routers, and i4btrace from the ISDN4BSD project. There is no need to tell Tethereal what type of file you are reading; it will determine the file type by itself. Tethereal is also capable of reading any of these file formats if they are compressed using gzip. Tethereal recognizes this directly from the file; the '.gz' extension is not required for this purpose. If the -w flag is not specified, Tethereal prints a decoded form of the packets it captures or reads; otherwise, it writes those packets to the file specified by that flag. When printing a decoded form of packets, Tethereal prints, by default, a summary line giving a time stamp for the packet if it's reading a capture file (but not if it's printing packets as it captures them), the source and destination address for the packet, the top-level protocol for the packet that Tethereal understands, and a summary of the packet's contents for that protocol. If the -V flag is specified, it prints intead a protocol tree, showing all the fields of all protocols in the packet. When writing packets to a file, Tethereal, by default, writes the file in libpcap format, and writes all of the packets it sees to the output file. The -F flag can be used to specify the format in which to write the file; it can write the file in libpcap format (standard libpcap format, a modified format used by some patched versions of libpcap, or the format used by Red Hat Linux 6.1), snoop format, uncompressed Sniffer format, Microsoft Network Monitor 1.x format, and the format used by Windows-based versions of the Sniffer software. Read filters in Tethereal, which allow you to select which packets are to be decoded or written to a file, are very powerful; more fields are filterable in Tethereal than in other protocol analyzers, and the syntax you can use to create your filters is richer. As Tethereal progresses, expect more and more protocol fields to be allowed in read filters. Packet capturing is performed with the pcap library. The capture filter syntax follows the rules of the pcap library. This syntax is different from the read filter syntax. A read filter can also be specified when capturing, and only packets that pass the read filter will be displayed or saved to the output file; note, however, that capture filers are much more efficient than read filters, and it may be more difficult for Tethereal to keep up with a busy network if a read filter is specified for a live capture. Compressed file support uses (and therefore requires) the zlib library. If the zlib library is not present, Tethereal will compile, but will be unable to read compressed files. A capture or read filter can either be specified with the -f or -R option, respectively, in which case the entire filter expression must be specified as a single argument (which means that if it contains spaces, it must be quoted), or can be specified with command-line arguments after the option arguments, in which case all the arguments after the filter arguments are treated as a filter expression.OPTIONS
-c Sets the default number of packets to read when capturing live data. -D Turns off treating the original IPv4 TOS field as the Differentiated Services Field. The structure of the DS Field is defined in RFC 2474. -f Sets the capture filter expression. -F Sets the file format of the output capture file. -h Prints the version and options and exits. -i Sets the name of the network interface to use for live packet capture. It should match one of the names listed in "netstat -i" or "ifconfig -a". If no interface is specified, Tethereal searches the list of interfaces, choosing the first non-loopback interface if there are any non-loopback interfaces, and choosing the first loopback interface if there are no non-loopback interfaces; if there are no interfaces, Tethereal reports an error and doesn't start the capture. -n Disables network object name resolution (such as hostname, TCP and UDP port names). -r Reads packet data from file. -R Causes the specified filter (which uses the syntax of read filters, rather than that of capture filters) to be applied before printing a decoded form of packets or writing packets to a file; packets not matching the filter are discarded rather than being printed or written. -s Sets the default snapshot length to use when capturing live data. No more than snaplen bytes of each network packet will be read into memory, or saved to disk. -t Sets the format of the packet timestamp printed in summary lines. The format can be one of 'r' (relative), 'a' (absolute), or 'd' (delta). The relative time is the time elapsed between the first packet and the current packet. The absolute time is the actual date and time the packet was captured. The delta time is the time since the previous packet was captured. The default is relative. -v Prints the version and exits. -V Causes Tethereal to print a protocol tree for each packet rather than a one-line summary of the packet. -w Writes packet data to savefile. -x Causes Tethereal to print a hex and ASCII dump of the packet data after printing the summary or protocol tree.CAPTURE FILTER SYNTAX
See manual page of tcpdump(8).READ FILTER SYNTAX
Read filters help you remove the noise from a packet trace and let you see only the packets that interest you. If a packet meets the requirements expressed in your read filter, then it is printed. Read filters let you compare the fields within a protocol against a specific value, compare fields against fields, and to check the existence of specified fields or protocols. The simplest read filter allows you to check for the existence of a protocol or field. If you want to see all packets which contain the IPX protocol, the filter would be "ipx". (Without the quotation marks) To see all packets that contain a Token-Ring RIF field, use "tr.rif". Fields can also be compared against values. The comparison operators can be expressed either through C-like symbols, or through English-like abbreviations: eq, == Equal ne, != Not equal gt, > Greater than lt, < Less Than ge, >= Greater than or Equal to le, <= Less than or Equal to Furthermore, each protocol field is typed. The types are: Unsigned integer (either 8-bit, 16-bit, 24-bit, or 32-bit) Signed integer (either 8-bit, 16-bit, 24-bit, or 32-bit) Boolean Ethernet address (6 bytes) Byte string (n-number of bytes) IPv4 address IPv6 address IPX network number String (text) Double-precision floating point number An integer may be expressed in decimal, octal, or hexadecimal notation. The following three read filters are equivalent: frame.pkt_len > 10 frame.pkt_len > 012 frame.pkt_len > 0xa Boolean values are either true or false. However, a boolean field is present in a protocol decode only if its value is true. If the value is false, the field is not presence. You can therefore check the truth value of a boolean field by simply checking for its existence, that is, by naming the field. For example, a token-ring packet's source route field is boolean. To find any source-routed packets, the read filter is simply: tr.sr Non source-routed packets can be found with the negation of that filter: ! tr.sr Ethernet addresses, as well as a string of bytes, are represented in hex digits. The hex digits may be separated by colons, periods, or hyphens: fddi.dst eq ff:ff:ff:ff:ff:ff ipx.srcnode == 0.0.0.0.0.1 eth.src == aa-aa-aa-aa-aa-aa If a string of bytes contains only one byte, then it is represented as an unsigned integer. That is, if you are testing for hex value 'ff' in a one-byte byte-string, you must compare it agains '0xff' and not 'ff'. IPv4 addresses can be represented in either dotted decimal notation, or by using the hostname: ip.dst eq www.mit.edu ip.src == 192.168.1.1 IPv4 address can be compared with the same logical relations as numbers: eq, ne, gt, ge, lt, and le. The IPv4 address is stored in host order, so you do not have to worry about how the endianness of an IPv4 address when using it in a read filter. Classless InterDomain Routing (CIDR) notation can be used to test if an IPv4 address is in a certain subnet. For example, this read filter will find all packets in the 129.111 Class-B network: ip.addr == 129.111.0.0/16 Remember, the number after the slash represents the number of bits used to represent the network. CIDR notation can also be used with hostnames, in this example of finding IP addresses on the same Class C network as 'sneezy': ip.addr eq sneezy/24 The CIDR notation can only be used on IP addresses or hostnames, not in variable names. So, a read filter like "ip.src/24 == ip.dst/24" is not valid. (yet) IPX networks are represented by unsigned 32-bit integers. Most likely you will be using hexadecimal when testing for IPX network values: ipx.srcnet == 0xc0a82c00 A substring operator also exists. You can check the substring (byte-string) of any protocol or field. For example, you can filter on the vendor portion of an ethernet address (the first three bytes) like this: eth.src[0:3] == 00:00:83 Or more simply, since the number of bytes is inherent in the byte-string you provide, you can provide just the offset. The previous example can be stated like this: eth.src[0] == 00:00:83 In fact, the only time you need to explicitly provide a length is when you don't provide a byte-string, and are comparing fields against fields: fddi.src[0:3] == fddi.dst[0:3] If the length of your byte-string is only one byte, then it must be represented in the same way as an unsigned 8-bit integer: llc[3] == 0xaa You can use the substring operator on a protocol name, too. And remember, the "frame" protocol encompasses the entire packet, allowing you to look at the nth byte of a packet regardless of its frame type (Ethernet, token-ring, etc.). token[0:5] ne 0.0.0.1.1 ipx[0:2] == ff:ff llc[3:1] eq 0xaa Offsets for byte-strings can also be negative, in which case the negative number indicates the number of bytes from the end of the field or protocol that you are testing. Here's how to check the last 4 bytes of a frame: frame[-4] == 0.1.2.3 or frame[-4:4] == 0.1.2.3 All the above tests can be combined together with logical expressions. These too are expressable in C-like syntax or with English-like abbreviations: and, && Logical AND or, || Logical OR xor, ^^ Logical XOR not, ! Logical NOT Expressions can be grouped by parentheses as well. The following are all valid read filter expression: tcp.port == 80 and ip.src == 192.168.2.1 not llc (ipx.srcnet == 0xbad && ipx.srnode == 0.0.0.0.0.1) || ip tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29 A special caveat must be given regarding fields that occur more than once per packet. "ip.addr" occurs twice per IP packet, once for the source address, and once for the destination address. Likewise, tr.rif.ring fields can occur more than once per packet. The following two expressions are not equivalent: ip.addr ne 192.168.4.1 not ip.addr eq 192.168.4.1 The first filter says "show me all packets where an ip.addr exists that does not equal 192.168.4.1". That is, as long as one ip.addr in the packet does not equal 192.168.44.1, the packet passes the display filter. The second filter "don't show me any packets that have at least one ip.addr field equal to 192.168.4.1". If one ip.addr is 192.168.4.1, the packet does not pass. If neither ip.addr fields is 192.168.4.1, then the packet passes. It is easy to think of the 'ne' and 'eq' operators as having an implict "exists" modifier when dealing with multiply- recurring fields. "ip.addr ne 192.168.4.1" can be thought of as "there exists an ip.addr that does not equal 192.168.4.1". Be careful with multiply-recurring fields; they can be confusing. The following is a table of protocol and protocol fields that are filterable in Tethereal. The abbreviation of the protocol or field is given. This abbreviation is what you use in the read filter. The type of the field is also given. 802.1q Virtual LAN (vlan) vlan.cfi CFI Unsigned 16-bit integer vlan.etype Type Unsigned 16-bit integer vlan.id ID Unsigned 16-bit integer vlan.priority Priority Unsigned 16-bit integer ATM (atm) atm.vci VCI Unsigned 16-bit integer atm.vpi VPI Unsigned 8-bit integer ATM LANE (lane) Address Resolution Protocol (arp) arp.dst.atm_num_e164 Target ATM number (E.164) String arp.dst.atm_num_nsap Target ATM number (NSAP) Byte array arp.dst.atm_subaddr Target ATM subaddress Byte array arp.dst.htl Target ATM number type and length Unsigned 8-bit integer arp.dst.hw Target hardware address Byte array arp.dst.pln Target protocol size Unsigned 8-bit integer arp.dst.proto Target protocol address Byte array arp.dst.slen Target ATM subaddress length Unsigned 8-bit integer arp.hw.size Hardware size Unsigned 8-bit integer arp.hw.type Hardware type Unsigned 16-bit integer arp.opcode Opcode Unsigned 16-bit integer arp.proto.size Protocol size Unsigned 8-bit integer arp.proto.type Protocol type Unsigned 16-bit integer arp.src.atm_num_e164 Sender ATM number (E.164) String arp.src.atm_num_nsap Sender ATM number (NSAP) Byte array arp.src.atm_subaddr Sender ATM subaddress Byte array arp.src.htl Sender ATM number type and length Unsigned 8-bit integer arp.src.hw Sender hardware address Byte array arp.src.pln Sender protocol size Unsigned 8-bit integer arp.src.proto Sender protocol address Byte array arp.src.slen Sender ATM subaddress length Unsigned 8-bit integer Andrew File System (AFS) (afs) afs.backup Backup Boolean afs.backup.errcode Error Code Unsigned 32-bit integer afs.backup.opcode Operation Unsigned 32-bit integer afs.bos BOS Boolean afs.bos.content Content String afs.bos.date Date Unsigned 32-bit integer afs.bos.errcode Error Code Unsigned 32-bit integer afs.bos.flags Flags Unsigned 32-bit integer afs.bos.instance Instance String afs.bos.number Number Unsigned 32-bit integer afs.bos.opcode Operation Unsigned 32-bit integer afs.bos.size Size Unsigned 32-bit integer afs.bos.status Status Signed 32-bit integer afs.bos.type Type String afs.cb Callback Boolean afs.cb.callback.expires Expires Date/Time stamp afs.cb.callback.type Type Unsigned 32-bit integer afs.cb.callback.version Version Unsigned 32-bit integer afs.cb.errcode Error Code Unsigned 32-bit integer afs.cb.fid.uniq FileID (Uniqifier) Unsigned 32-bit integer afs.cb.fid.vnode FileID (VNode) Unsigned 32-bit integer afs.cb.fid.volume FileID (Volume) Unsigned 32-bit integer afs.cb.opcode Operation Unsigned 32-bit integer afs.error Error Boolean afs.error.opcode Operation Unsigned 32-bit integer afs.fs File Server Boolean afs.fs.acl.a _A_dminister Unsigned 8-bit integer afs.fs.acl.count.negative ACL Count (Negative) Unsigned 32-bit integer afs.fs.acl.count.positive ACL Count (Positive) Unsigned 32-bit integer afs.fs.acl.d _D_elete Unsigned 8-bit integer afs.fs.acl.datasize ACL Size Unsigned 32-bit integer afs.fs.acl.entity Entity (User/Group) String afs.fs.acl.i _I_nsert Unsigned 8-bit integer afs.fs.acl.k _L_ock Unsigned 8-bit integer afs.fs.acl.l _L_ookup Unsigned 8-bit integer afs.fs.acl.r _R_ead Unsigned 8-bit integer afs.fs.acl.w _W_rite Unsigned 8-bit integer afs.fs.callback.expires Expires Date/Time stamp afs.fs.callback.type Type Unsigned 32-bit integer afs.fs.callback.version Version Unsigned 32-bit integer afs.fs.data Data Byte array afs.fs.errcode Error Code Unsigned 32-bit integer afs.fs.fid.uniq FileID (Uniqifier) Unsigned 32-bit integer afs.fs.fid.vnode FileID (VNode) Unsigned 32-bit integer afs.fs.fid.volume FileID (Volume) Unsigned 32-bit integer afs.fs.flength FLength Unsigned 32-bit integer afs.fs.length Length Unsigned 32-bit integer afs.fs.name Name String afs.fs.newname New Name String afs.fs.offset Offset Unsigned 32-bit integer afs.fs.oldname Old Name String afs.fs.opcode Operation Unsigned 32-bit integer afs.fs.symlink.content Symlink Content String afs.fs.symlink.name Symlink Name String afs.fs.timestamp Timestamp Date/Time stamp afs.fs.volid Volume ID Unsigned 32-bit integer afs.fs.volname Volume Name String afs.kauth Kauth Boolean afs.kauth.data Data Byte array afs.kauth.domain Domain String afs.kauth.errcode Error Code Unsigned 32-bit integer afs.kauth.kvno Key Version Number Unsigned 32-bit integer afs.kauth.name Name String afs.kauth.opcode Operation Unsigned 32-bit integer afs.kauth.princ Principal String afs.kauth.realm Realm String afs.prot Protection Boolean afs.prot.count Count Unsigned 32-bit integer afs.prot.errcode Error Code Unsigned 32-bit integer afs.prot.flag Flag Unsigned 32-bit integer afs.prot.gid Group ID Unsigned 32-bit integer afs.prot.id ID Unsigned 32-bit integer afs.prot.maxgid Maximum Group ID Unsigned 32-bit integer afs.prot.maxuid Maximum User ID Unsigned 32-bit integer afs.prot.name Name String afs.prot.newid New ID Unsigned 32-bit integer afs.prot.oldid Old ID Unsigned 32-bit integer afs.prot.opcode Operation Unsigned 32-bit integer afs.prot.pos Position Unsigned 32-bit integer afs.prot.uid User ID Unsigned 32-bit integer afs.rmtsys Rmtsys Boolean afs.rmtsys.opcode Operation Unsigned 32-bit integer afs.ubik Ubik Boolean afs.ubik.errcode Error Code Unsigned 32-bit integer afs.ubik.file File Unsigned 32-bit integer afs.ubik.length Length Unsigned 32-bit integer afs.ubik.locktype Lock Type Unsigned 32-bit integer afs.ubik.opcode Operation Unsigned 32-bit integer afs.ubik.position Position Unsigned 32-bit integer afs.ubik.site Site IPv4 address afs.ubik.syncsite Syncsite Boolean afs.ubik.version.counter Counter Unsigned 32-bit integer afs.ubik.version.epoch Epoch Date/Time stamp afs.ubik.voteend Vote Ends Date/Time stamp afs.ubik.votestart Vote Started Date/Time stamp afs.ubik.votetype Vote Type Boolean afs.update Update Boolean afs.update.opcode Operation Unsigned 32-bit integer afs.vldb VLDB Boolean afs.vldb.bkvol Backup Volume ID Unsigned 32-bit integer afs.vldb.bump Bumped Volume ID Unsigned 32-bit integer afs.vldb.count Volume Count Unsigned 32-bit integer afs.vldb.errcode Error Code Unsigned 32-bit integer afs.vldb.id Volume ID Unsigned 32-bit integer afs.vldb.index Volume Index Unsigned 32-bit integer afs.vldb.name Volume Name String afs.vldb.nextindex Next Volume Index Unsigned 32-bit integer afs.vldb.numservers Number of Servers Unsigned 32-bit integer afs.vldb.opcode Operation Unsigned 32-bit integer afs.vldb.partition Partition String afs.vldb.rovol Read-Only Volume ID Unsigned 32-bit integer afs.vldb.rwvol Read-Write Volume ID Unsigned 32-bit integer afs.vldb.server Server IPv4 address afs.vldb.serveruuid Server UUID Byte array afs.vldb.type Volume Type Unsigned 32-bit integer afs.vol Volume Server Boolean afs.vol.count Volume Count Unsigned 32-bit integer afs.vol.errcode Error Code Unsigned 32-bit integer afs.vol.id Volume ID Unsigned 32-bit integer afs.vol.name Volume Name String afs.vol.opcode Operation Unsigned 32-bit integer Appletalk Address Resolution Protocol (aarp) aarp.dst.ether Target ether Byte array aarp.dst.id Target ID Byte array aarp.hard.size Hardware size Unsigned 8-bit integer aarp.hard.type Hardware type Unsigned 16-bit integer aarp.opcode Opcode Unsigned 16-bit integer aarp.proto.size Protocol size Unsigned 8-bit integer aarp.proto.type Protocol type Unsigned 16-bit integer aarp.src.ether Sender ether Byte array aarp.src.id Sender ID Byte array Async data over ISDN (V.120) (v120) v120.address Link Address Unsigned 16-bit integer v120.control Control Field Unsigned 16-bit integer v120.header Header Field String Authentication Header (ah) ah.sequence Sequence Unsigned 32-bit integer ah.spi SPI Unsigned 32-bit integer Boot Parameters (bootparams) bootparams.domain Client Domain String bootparams.fileid File ID String bootparams.filepath File Path String bootparams.host Client Host String bootparams.hostaddr Client Address IPv4 address bootparams.routeraddr Router Address IPv4 address Bootstrap Protocol (bootp) bootp.cookie Magic cookie IPv4 address bootp.dhcp Frame is DHCP Boolean bootp.file Boot file name String bootp.flag Broadcast flag Unsigned 16-bit integer bootp.hops Hops Unsigned 8-bit integer bootp.hw.addr Client hardware address Byte array bootp.hw.len Hardware address length Unsigned 8-bit integer bootp.hw.type Hardware type Unsigned 8-bit integer bootp.id Transaction ID Unsigned 32-bit integer bootp.ip.client Client IP address IPv4 address bootp.ip.relay Relay agent IP address IPv4 address bootp.ip.server Next server IP address IPv4 address bootp.ip.your Your (client) IP address IPv4 address bootp.secs Seconds elapsed Unsigned 16-bit integer bootp.server Server host name String bootp.type Message type Unsigned 8-bit integer Border Gateway Protocol (bgp) Cisco Auto-RP (auto_rp) auto_rp.grp Group mapping to this RP Unsigned 8-bit integer auto_rp.map Auto-RP address map Unsigned 8-bit integer auto_rp.mask_sgn Group prefix sign Unsigned 8-bit integer auto_rp.pim_ver RP's highest PIM version Unsigned 8-bit integer auto_rp.type Auto-RP packet type Unsigned 8-bit integer auto_rp.typever Auto-RP message version and type Unsigned 8-bit integer auto_rp.version Auto-RP protocol version Unsigned 8-bit integer Cisco Discovery Protocol (cdp) cdp.flags Flags Unsigned 8-bit integer cdp.tlv.len Length Unsigned 16-bit integer cdp.tlv.type Type Unsigned 16-bit integer cdp.ttl TTL Unsigned 16-bit integer cdp.version Version Unsigned 8-bit integer Cisco Group Management Protocol (cgmp) cgmp.count Count Unsigned 8-bit integer cgmp.gda Group Destination Address 6-byte Hardware (MAC) Address cgmp.type Type Unsigned 8-bit integer cgmp.usa Unicast Source Address 6-byte Hardware (MAC) Address cgmp.version Version Unsigned 8-bit integer Cisco Hot Standby Router Protocol (hsrp) Cisco ISL (isl) isl.addr Source or Destination Address 6-byte Hardware (MAC) Address isl.bpdu BPDU Boolean isl.crc CRC Unsigned 32-bit integer isl.dst Destination 6-byte Hardware (MAC) Address isl.dst_route_desc Destination route descriptor Unsigned 16-bit integer isl.esize Esize Unsigned 8-bit integer isl.explorer Explorer Boolean isl.fcs_not_incl FCS Not Included Boolean isl.hsa HSA Unsigned 24-bit integer isl.index Index Unsigned 16-bit integer isl.len Length Unsigned 16-bit integer isl.src Source 6-byte Hardware (MAC) Address isl.src_route_desc Source-route descriptor Unsigned 16-bit integer isl.src_vlan_id Source VLAN ID Unsigned 16-bit integer isl.type Type Unsigned 8-bit integer isl.user User Unsigned 8-bit integer isl.user_eth User Unsigned 8-bit integer isl.vlan_id VLAN ID Unsigned 16-bit integer Common Open Policy Service (cops) cops.client_type Client Type Unsigned 16-bit integer cops.flags Flags Unsigned 8-bit integer cops.msg_len Message Length Unsigned 32-bit integer cops.obj.c_num C-Num Unsigned 8-bit integer cops.obj.c_type C-Type Unsigned 8-bit integer cops.obj.len Object Length Unsigned 32-bit integer cops.op_code Op Code Unsigned 8-bit integer cops.ver_flags Version and Flags Unsigned 8-bit integer cops.version Version Unsigned 8-bit integer Data (data) Datagram Delivery Protocol (ddp) ddp.checksum Checksum Unsigned 16-bit integer ddp.dst.net Destination Net Unsigned 16-bit integer ddp.dst.node Destination Node Unsigned 8-bit integer ddp.dst.socket Destination Socket Unsigned 8-bit integer ddp.hopcount Hop count Unsigned 8-bit integer ddp.len Datagram length Unsigned 16-bit integer ddp.src.net Source Net Unsigned 16-bit integer ddp.src.node Source Node Unsigned 8-bit integer ddp.src.socket Source Socket Unsigned 8-bit integer ddp.type Protocol type Unsigned 8-bit integer Domain Name Service (dns) dns.count.add_rr Additional RRs Unsigned 16-bit integer dns.count.answers Answer RRs Unsigned 16-bit integer dns.count.auth_rr Authority RRs Unsigned 16-bit integer dns.count.queries Questions Unsigned 16-bit integer dns.flags Flags Unsigned 16-bit integer dns.id Transaction ID Unsigned 16-bit integer dns.query Query Boolean dns.response Response Boolean Dynamic DNS Tools Protocol (ddtp) ddtp.encrypt Encryption Unsigned 32-bit integer ddtp.hostid Hostid Unsigned 32-bit integer ddtp.ipaddr IP addres IPv4 address ddtp.msgtype Message type Unsigned 32-bit integer ddtp.opcode Opcode Unsigned 32-bit integer ddtp.status Status Unsigned 32-bit integer ddtp.version Version Unsigned 32-bit integer Encapsulated Security Payload (esp) esp.sequence Sequence Unsigned 32-bit integer esp.spi SPI Unsigned 32-bit integer Enhanced Interior Gateway Routing Protocol (eigrp) Ethernet (eth) eth.addr Source or Destination Address 6-byte Hardware (MAC) Address eth.dst Destination 6-byte Hardware (MAC) Address eth.len Length Unsigned 16-bit integer eth.src Source 6-byte Hardware (MAC) Address eth.trailer Trailer Byte array eth.type Type Unsigned 16-bit integer Extended X.25 (modulo 128) (ex25) ex25.d D Bit Boolean ex25.lcn Logical Channel Unsigned 16-bit integer ex25.m M Bit Boolean ex25.mod Modulo Unsigned 16-bit integer ex25.p_r P(R) Unsigned 8-bit integer ex25.p_s P(S) Unsigned 8-bit integer ex25.q Q Bit Boolean ex25.type Packet Type Unsigned 8-bit integer Fiber Distributed Data Interface (fddi) fddi.addr Source or Destination Address 6-byte Hardware (MAC) Address fddi.dst Destination 6-byte Hardware (MAC) Address fddi.fc Frame Control Unsigned 8-bit integer fddi.src Source 6-byte Hardware (MAC) Address File Transfer Protocol (ftp) ftp.reponse.data Response data String ftp.request Request Boolean ftp.request.command Request command String ftp.request.data Request data String ftp.response Response Boolean ftp.response.code Response code Unsigned 8-bit integer Frame (frame) frame.cap_len Capture Frame Length Unsigned 32-bit integer frame.number Frame Number Unsigned 32-bit integer frame.pkt_len Total Frame Length Unsigned 32-bit integer frame.time Arrival Time Date/Time stamp frame.time_delta Time delta from previous packet Time duration General Inter-ORB Protocol (giop) giop.len Message size Unsigned 32-bit integer giop.type Message type Unsigned 8-bit integer Generic Routing Encapsulation (gre) gre.proto Protocol Type Unsigned 16-bit integer Hypertext Transfer Protocol (http) http.request Request Boolean http.response Response Boolean ICQ Protocol (icq) icq.checkcode Checkcode Unsigned 32-bit integer icq.cmd Command Unsigned 16-bit integer icq.decode Decode String icq.sessionid SessionID Unsigned 32-bit integer icq.type Type Unsigned 16-bit integer icq.uin UIN Unsigned 32-bit integer ILMI (ilmi) IP Payload Compression (ipcomp) ipcomp.cpi CPI Unsigned 16-bit integer ipcomp.flags Flags Unsigned 8-bit integer IPX Message (ipxmsg) ipxmsg.conn Connection Number Unsigned 8-bit integer ipxmsg.sigchar Signature Char Unsigned 8-bit integer IPX Routing Information Protocol (ipxrip) ipxrip.request Request Boolean ipxrip.response Response Boolean ISIS HELLO (isis_hello) isis_hello.circuite_type Circuit type Unsigned 8-bit integer isis_hello.clv_ipv4_int_addr IPv4 interface address IPv4 address isis_hello.holding_timer Holding timer Unsigned 16-bit integer isis_hello.lan_id SystemID{ Designated IS } Byte array isis_hello.local_circuit_id Local circuit ID Unsigned 8-bit integer isis_hello.pdu_length PDU length Unsigned 16-bit integer isis_hello.priority Priority Unsigned 8-bit integer isis_hello.source_id SystemID{ Sender of PDU } Byte array ISO 10589 ISIS Complete Sequence Numbers Protocol Data Unit (isis_csnp) isis_csnp.pdu_length PDU length Unsigned 16-bit integer ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol (isis) isis.irpd Intra Domain Routing Protocol Discriminator Unsigned 8-bit integer isis.len PDU Header Length Unsigned 8-bit integer isis.max_area_adr Max.AREAs: (0==3) Unsigned 8-bit integer isis.reserved Reserved (==0) Unsigned 8-bit integer isis.sysid_len System ID Length Unsigned 8-bit integer isis.type PDU Type : Unsigned 8-bit integer isis.version Version (==1) Unsigned 8-bit integer isis.version2 Version2 (==1) Unsigned 8-bit integer ISO 10589 ISIS Link State Protocol Data Unit (isis_lsp) isis_lsp.checksum Checksum Unsigned 16-bit integer isis_lsp.clv_ipv4_int_addr IPv4 interface address: IPv4 address isis_lsp.pdu_length PDU length Unsigned 16-bit integer isis_lsp.remaining_life Remaining life Unsigned 16-bit integer isis_lsp.sequence_number Sequence number Unsigned 32-bit integer ISO 10589 ISIS Partial Sequence Numbers Protocol Data Unit (isis_psnp) isis_psnp.pdu_length PDU length Unsigned 16-bit integer ISO 8073 COTP Connection-Oriented Transport Protocol (cotp) ISO 8473 CLNP ConnectionLess Network Protocol (clnp) clnp.checksum Checksum Unsigned 16-bit integer clnp.dsap DA Byte array clnp.dsap.len DAL Unsigned 8-bit integer clnp.len HDR Length Unsigned 8-bit integer clnp.nlpi Network Layer Protocol Identifier Unsigned 8-bit integer clnp.pdu.len PDU length Unsigned 16-bit integer clnp.ssap SA Byte array clnp.ssap.len SAL Unsigned 8-bit integer clnp.ttl Holding Time Unsigned 8-bit integer clnp.type PDU Type Unsigned 8-bit integer clnp.version Version Unsigned 8-bit integer ISO 8602 CLTP ConnectionLess Transport Protocol (cltp) ISO 9542 ESIS Routeing Information Exchange Protocol (esis) esis.chksum Checksum Unsigned 16-bit integer esis.htime Holding Time Unsigned 16-bit integer esis.length PDU Length Unsigned 8-bit integer esis.nlpi Network Layer Protocol Identifier Unsigned 8-bit integer esis.res Reserved(==0) Unsigned 8-bit integer esis.type PDU Type Unsigned 8-bit integer esis.ver Version (==1) Unsigned 8-bit integer Internet Cache Protocol (icp) icp.length Length Unsigned 16-bit integer icp.nr Request Number Unsigned 32-bit integer icp.opcode Opcode Unsigned 8-bit integer icp.version Version Unsigned 8-bit integer Internet Control Message Protocol (icmp) icmp.checksum Checksum Unsigned 16-bit integer icmp.code Code Unsigned 8-bit integer icmp.type Type Unsigned 8-bit integer Internet Control Message Protocol v6 (icmpv6) icmpv6.checksum Checksum Unsigned 16-bit integer icmpv6.code Code Unsigned 8-bit integer icmpv6.type Type Unsigned 8-bit integer Internet Group Management Protocol (igmp) igmp.checksum Checksum Unsigned 16-bit integer igmp.group Group address IPv4 address igmp.type Type Unsigned 8-bit integer igmp.unused Unused Unsigned 8-bit integer igmp.version Version Unsigned 8-bit integer Internet Message Access Protocol (imap) imap.request Request Boolean imap.response Response Boolean Internet Printing Protocol (ipp) Internet Protocol (ip) ip.addr Source or Destination Address IPv4 address ip.checksum Header checksum Unsigned 16-bit integer ip.dsfield Differentiated Services field Unsigned 8-bit integer ip.dsfield.cu Currently Unused Unsigned 8-bit integer ip.dsfield.dscp Differentiated Services Codepoint Unsigned 8-bit integer ip.dst Destination IPv4 address ip.flags Flags Unsigned 8-bit integer ip.flags.df Don't fragment Boolean ip.flags.mf More fragments Boolean ip.frag_offset Fragment offset Unsigned 16-bit integer ip.hdr_len Header Length Unsigned 8-bit integer ip.id Identification Unsigned 16-bit integer ip.len Total Length Unsigned 16-bit integer ip.proto Protocol Unsigned 8-bit integer ip.src Source IPv4 address ip.tos Type of Service Unsigned 8-bit integer ip.tos.cost Cost Boolean ip.tos.delay Delay Boolean ip.tos.precedence Precedence Unsigned 8-bit integer ip.tos.reliability Reliability Boolean ip.tos.throughput Throughput Boolean ip.ttl Time to live Unsigned 8-bit integer ip.version Version Unsigned 8-bit integer Internet Protocol Version 6 (ipv6) ipv6.class Traffic class Unsigned 8-bit integer ipv6.dst Destination IPv6 address ipv6.flow Flowlabel Unsigned 32-bit integer ipv6.hlim Hop limit Unsigned 8-bit integer ipv6.nxt Next header Unsigned 8-bit integer ipv6.plen Payload length Unsigned 16-bit integer ipv6.src Source IPv6 address ipv6.version Version Unsigned 8-bit integer Internet Relay Chat (irc) irc.command Command String irc.request Request Boolean irc.response Response Boolean Internet Security Association and Key Management Protocol (isakmp) Internetwork Packet eXchange (ipx) ipx.checksum Checksum Unsigned 16-bit integer ipx.dst.net Destination Network IPX network or server name ipx.dst.node Destination Node 6-byte Hardware (MAC) Address ipx.dst.socket Destination Socket Unsigned 16-bit integer ipx.hops Transport Control (Hops) Unsigned 8-bit integer ipx.len Length Unsigned 16-bit integer ipx.packet_type Packet Type Unsigned 8-bit integer ipx.src.net Source Network IPX network or server name ipx.src.node Source Node 6-byte Hardware (MAC) Address ipx.src.socket Source Socket Unsigned 16-bit integer Layer 2 Tunneling Protocol (l2tp) l2tp.Nr Nr Unsigned 16-bit integer l2tp.Ns Ns Unsigned 16-bit integer l2tp.length Length Unsigned 16-bit integer l2tp.offset Offset Unsigned 16-bit integer l2tp.session Session ID Unsigned 16-bit integer l2tp.tunnel Tunnel ID Unsigned 16-bit integer lt2p.code code Unsigned 16-bit integer lt2p.length_bit Length Bit Boolean lt2p.offset_bit Offset bit Boolean lt2p.priority Priority Boolean lt2p.seq_bit Sequence Bit Boolean lt2p.type Type Unsigned 16-bit integer lt2p.version Version Unsigned 16-bit integer Lightweight Directory Access Protocol (ldap) ldap.abandon.msgid Abandon Msg Id Unsigned 32-bit integer ldap.attribute Attribute String ldap.bind.auth_type Auth Type Unsigned 8-bit integer ldap.bind.dn DN String ldap.bind.password Password String ldap.bind.version Version Unsigned 32-bit integer ldap.compare.test Test String ldap.dn Distinguished Name String ldap.length Length Unsigned 32-bit integer ldap.message_id Message Id Unsigned 32-bit integer ldap.message_length Message Length Unsigned 32-bit integer ldap.message_type Message Type Unsigned 8-bit integer ldap.modify.add Add String ldap.modify.delete Delete String ldap.modify.replace Replace String ldap.modrdn.delete Delete Values Boolean ldap.modrdn.name New Name String ldap.modrdn.superior New Location String ldap.result.code Result Code Unsigned 8-bit integer ldap.result.errormsg Error Message String ldap.result.matcheddn Matched DN String ldap.result.referral Referral String ldap.search.basedn Base DN String ldap.search.dereference Dereference Unsigned 8-bit integer ldap.search.filter Filter String ldap.search.scope Scope Unsigned 8-bit integer ldap.search.sizelimit Size Limit Unsigned 32-bit integer ldap.search.timelimit Time Limit Unsigned 32-bit integer ldap.search.typesonly Attributes Only Boolean ldap.value Value String Line Printer Daemon Protocol (lpd) lpd.request Request Boolean lpd.response Response Boolean Link Access Procedure Balanced (LAPB) (lapb) lapb.address Address Field Unsigned 8-bit integer lapb.control Control Field Unsigned 8-bit integer Link Access Procedure, Channel D (LAPD) (lapd) lapd.address Address Field Unsigned 16-bit integer lapd.control Control Field Unsigned 16-bit integer lapd.cr C/R Unsigned 16-bit integer lapd.ea1 EA1 Unsigned 16-bit integer lapd.ea2 EA2 Unsigned 16-bit integer lapd.sapi SAPI Unsigned 16-bit integer lapd.tei TEI Unsigned 16-bit integer Logical-Link Control (llc) llc.control Control Unsigned 16-bit integer llc.dsap DSAP Unsigned 8-bit integer llc.dsap.ig IG Bit Boolean llc.oui Organization Code Unsigned 24-bit integer llc.pid Protocol ID Unsigned 16-bit integer llc.ssap SSAP Unsigned 8-bit integer llc.ssap.cr CR Bit Boolean llc.type Type Unsigned 16-bit integer Lucent/Ascend debug output (ascend) ascend.chunk WDD Chunk Unsigned 32-bit integer ascend.number Called number String ascend.sess Session ID Unsigned 32-bit integer ascend.task Task Unsigned 32-bit integer ascend.type Link type Unsigned 32-bit integer ascend.user User name String MAPI (mapi) mapi.request Request Boolean mapi.response Response Boolean MSProxy Protocol (msproxy) msproxy.bindaddr Destination IPv4 address msproxy.bindid Bound Port Id Unsigned 32-bit integer msproxy.bindport Bind Port Unsigned 16-bit integer msproxy.boundport Bound Port Unsigned 16-bit integer msproxy.clntport Client Port Unsigned 16-bit integer msproxy.command Command Unsigned 16-bit integer msproxy.dstaddr Destination Address IPv4 address msproxy.dstport Destination Port Unsigned 16-bit integer msproxy.resolvaddr Address IPv4 address msproxy.server_ext_addr Server External Address IPv4 address msproxy.server_ext_port Server External Port Unsigned 16-bit integer msproxy.server_int_addr Server Internal Address IPv4 address msproxy.server_int_port Server Internal Port Unsigned 16-bit integer msproxy.serveraddr Server Address IPv4 address msproxy.serverport Server Port Unsigned 16-bit integer msproxy.srcport Source Port Unsigned 16-bit integer Malformed Frame (malformed) Microsoft Windows Browser Protocol (browser) Microsoft Windows Lanman Protocol (lanman) Microsoft Windows Logon Protocol (netlogon) Mobile IP (mip) mip.b Broadcast Datagrams Boolean mip.coa Care of Address IPv4 address mip.code Reply Code Unsigned 8-bit integer mip.d Co-lcated Care-of Address Boolean mip.g GRE Boolean mip.haaddr Home Agent IPv4 address mip.homeaddr Home Address IPv4 address mip.ident Identification Byte array mip.life Lifetime Signed 16-bit integer mip.m Minimal Encapsulation Boolean mip.s Simultaneous Bindings Boolean mip.type Message Type Signed 8-bit integer mip.v Van Jacobson Boolean Mount Service (mount) mount.dump.directory Directory String mount.dump.entry Mount List Entry No value mount.dump.hostname Hostname String mount.export.directory Directory String mount.export.entry Export List Entry No value mount.export.group Group String mount.export.groups Groups No value mount.flavor Flavor Unsigned 32-bit integer mount.flavors Flavors Unsigned 32-bit integer mount.path Path String mount.pathconf.link_max Maximum number of links to a file Unsigned 32-bit integer mount.pathconf.mask Reply error/status bits Unsigned 16-bit integer mount.pathconf.mask.chown_restricted CHOWN_RESTRICTED Boolean mount.pathconf.mask.error_all ERROR_ALL Boolean mount.pathconf.mask.error_link_max ERROR_LINK_MAX Boolean mount.pathconf.mask.error_max_canon ERROR_MAX_CANON Boolean mount.pathconf.mask.error_max_input ERROR_MAX_INPUT Boolean mount.pathconf.mask.error_name_max ERROR_NAME_MAX Boolean mount.pathconf.mask.error_path_max ERROR_PATH_MAX Boolean mount.pathconf.mask.error_pipe_buf ERROR_PIPE_BUF Boolean mount.pathconf.mask.error_vdisable ERROR_VDISABLE Boolean mount.pathconf.mask.no_trunc NO_TRUNC Boolean mount.pathconf.max_canon Maximum terminal input line length Unsigned 16-bit integer mount.pathconf.max_input Terminal input buffer size Unsigned 16-bit integer mount.pathconf.name_max Maximum file name length Unsigned 16-bit integer mount.pathconf.path_max Maximum path name length Unsigned 16-bit integer mount.pathconf.pipe_buf Pipe buffer size Unsigned 16-bit integer mount.pathconf.vdisable_char VDISABLE character Unsigned 8-bit integer mount.status Status Unsigned 32-bit integer MultiProtocol Label Switching Header (mpls) mpls.bottom MPLS Bottom Of Label Stack Unsigned 8-bit integer mpls.exp MPLS Experimental Bits Unsigned 8-bit integer mpls.label MPLS Label Unsigned 32-bit integer mpls.ttl MPLS TTL Unsigned 8-bit integer Name Binding Protocol (nbp) nbp.count Count Unsigned 8-bit integer nbp.enum Enumerator Unsigned 8-bit integer nbp.info Info Unsigned 8-bit integer nbp.net Network Unsigned 16-bit integer nbp.node Node Unsigned 8-bit integer nbp.object Object String nbp.op Operation Unsigned 8-bit integer nbp.port Port Unsigned 8-bit integer nbp.tid Transaction ID Unsigned 8-bit integer nbp.type Type String nbp.zone Zone String NetBIOS (netbios) NetBIOS Datagram Service (nbdgm) nbdgm.dgram_id Datagram ID Unsigned 16-bit integer nbdgm.first First fragment Boolean nbdgm.next Fragmented Boolean nbdgm.node_type Node Type Unsigned 8-bit integer nbdgm.src.ip Source IP IPv4 address nbdgm.src.port Source Port Unsigned 16-bit integer nbdgm.type Message Type Unsigned 8-bit integer NetBIOS Name Service (nbns) nbns.count.add_rr Additional RRs Unsigned 16-bit integer nbns.count.answers Answer RRs Unsigned 16-bit integer nbns.count.auth_rr Authority RRs Unsigned 16-bit integer nbns.count.queries Questions Unsigned 16-bit integer nbns.id Transaction ID Unsigned 16-bit integer nbns.query Query Boolean nbns.response Response Boolean NetBIOS Session Service (nbss) nbss.flags Flags Unsigned 8-bit integer nbss.type Message Type Unsigned 8-bit integer NetBIOS over IPX (nbipx) NetWare Core Protocol (ncp) ncp.connection Connection Number Unsigned 16-bit integer ncp.ip.signature NCP over IP signature Unsigned 32-bit integer ncp.ip.version Version Unsigned 32-bit integer ncp.seq Sequence Number Unsigned 8-bit integer ncp.task Task Number Unsigned 8-bit integer ncp.type Type Unsigned 16-bit integer Network File System (nfs) nfs.createmode Create Mode Unsigned 32-bit integer nfs.data Data String nfs.fsinfo.dtpref dtpref Unsigned 32-bit integer nfs.fsinfo.propeties Properties Unsigned 32-bit integer nfs.fsinfo.rtmax rtmax Unsigned 32-bit integer nfs.fsinfo.rtmult rtmult Unsigned 32-bit integer nfs.fsinfo.rtpref rtpref Unsigned 32-bit integer nfs.fsinfo.wtmax wtmax Unsigned 32-bit integer nfs.fsinfo.wtmult wtmult Unsigned 32-bit integer nfs.fsinfo.wtpref wtpref Unsigned 32-bit integer nfs.fsstat.invarsec invarsec Unsigned 32-bit integer nfs.name Name String nfs.pathconf.case_insensitive case_insensitive Boolean nfs.pathconf.case_preserving case_preserving Boolean nfs.pathconf.chown_restricted chown_restricted Boolean nfs.pathconf.linkmax linkmax Unsigned 32-bit integer nfs.pathconf.name_max name_max Unsigned 32-bit integer nfs.pathconf.no_trunc no_trunc Boolean nfs.read.count Count Unsigned 32-bit integer nfs.read.eof EOF Boolean nfs.read.offset Offset Unsigned 32-bit integer nfs.read.totalcount Total Count Unsigned 32-bit integer nfs.readdir.cookie Cookie Unsigned 32-bit integer nfs.readdir.count Count Unsigned 32-bit integer nfs.readdir.entry Entry No value nfs.readdir.entry.cookie Cookie Unsigned 32-bit integer nfs.readdir.entry.fileid File ID Unsigned 32-bit integer nfs.readdir.entry.name Name String nfs.readdir.eof EOF Unsigned 32-bit integer nfs.readdirplus.entry.name Name String nfs.readlink.data Data String nfs.statfs.bavail Available Blocks Unsigned 32-bit integer nfs.statfs.bfree Free Blocks Unsigned 32-bit integer nfs.statfs.blocks Total Blocks Unsigned 32-bit integer nfs.statfs.bsize Block Size Unsigned 32-bit integer nfs.statfs.tsize Transfer Size Unsigned 32-bit integer nfs.status Status Unsigned 32-bit integer nfs.status2 Status Unsigned 32-bit integer nfs.symlink.to To String nfs.type Type Unsigned 32-bit integer nfs.write.beginoffset Begin Offset Unsigned 32-bit integer nfs.write.committed Committed Unsigned 32-bit integer nfs.write.offset Offset Unsigned 32-bit integer nfs.write.stable Stable Unsigned 32-bit integer nfs.write.totalcount Total Count Unsigned 32-bit integer Network Lock Manager Protocol (nlm) Network News Transfer Protocol (nntp) nntp.request Request Boolean nntp.response Response Boolean Network Time Protocol (ntp) ntp.flags Flags Byte array ntp.flags.li Leap Indicator Unsigned 8-bit integer ntp.flags.mode Leap Indicator Unsigned 8-bit integer ntp.flags.vn Version number Unsigned 8-bit integer ntp.keyid Key ID Byte array ntp.mac Message Authentication Code Byte array ntp.org Originate Time Stamp Byte array ntp.ppoll Peer Polling Interval Byte array ntp.precision Peer Clock Precision Byte array ntp.rec Receive Time Stamp Byte array ntp.refid Reference Clock ID Byte array ntp.reftime Reference Clock Update Time Byte array ntp.rootdelay Root Delay Byte array ntp.rootdispersion Clock Dispersion Byte array ntp.stratum Peer Clock Stratum Byte array ntp.xmt Transmit Time Stamp Byte array Null/Loopback (null) null.family Family Unsigned 32-bit integer null.type Type Unsigned 16-bit integer Open Shortest Path First (ospf) PPP Multilink Protocol (mp) mp.first First fragment Boolean mp.last Last fragment Boolean mp.seq Sequence number Unsigned 24-bit integer Point-to-Point Protocol (ppp) Portmap (portmap) portmap.answer Answer Boolean portmap.port Port Unsigned 32-bit integer portmap.proc Procedure Unsigned 32-bit integer portmap.prog Program Unsigned 32-bit integer portmap.proto Protocol Unsigned 32-bit integer portmap.rpcb RPCB No value portmap.rpcb.addr Universal Address String portmap.rpcb.netid Network Id String portmap.rpcb.owner Owner of this Service String portmap.rpcb.prog Program Unsigned 32-bit integer portmap.rpcb.version Version Unsigned 32-bit integer portmap.uaddr Universal Address String portmap.version Version Unsigned 32-bit integer Post Office Protocol (pop) pop.request Request Boolean pop.response Response Boolean Protocol Independent Multicast (pim) pim.cksum Checksum Unsigned 16-bit integer pim.type Type Unsigned 8-bit integer pim.version Version Unsigned 8-bit integer Q.2931 (q2931) q2931.call_ref Call reference value Byte array q2931.call_ref_len Call reference value length Unsigned 8-bit integer q2931.disc Protocol discriminator Unsigned 8-bit integer q2931.message_action_indicator Action indicator Unsigned 8-bit integer q2931.message_flag Flag Boolean q2931.message_len Message length Unsigned 16-bit integer q2931.message_type Message type Unsigned 8-bit integer q2931.message_type_ext Message type extension Unsigned 8-bit integer Q.931 (q931) q931.call_ref Call reference value Byte array q931.call_ref_len Call reference value length Unsigned 8-bit integer q931.disc Protocol discriminator Unsigned 8-bit integer q931.message_type Message type Unsigned 8-bit integer RIPng (ripng) ripng.cmd Command Unsigned 8-bit integer ripng.version Version Unsigned 8-bit integer RTP Control Protocol (rtcp) RX Protocol (rx) rx.callnumber Call Number Unsigned 32-bit integer rx.cid CID Unsigned 32-bit integer rx.epoch Epoch Unsigned 32-bit integer rx.flags Flags Unsigned 8-bit integer rx.flags.client_init Client Initiated Unsigned 8-bit integer rx.flags.free_packet Free Packet Unsigned 8-bit integer rx.flags.last_packet Last Packet Unsigned 8-bit integer rx.flags.more_packets More Packets Unsigned 8-bit integer rx.flags.request_ack Request Ack Unsigned 8-bit integer rx.securityindex Security Index Unsigned 32-bit integer rx.seq Sequence Number Unsigned 32-bit integer rx.serial Serial Unsigned 32-bit integer rx.serviceid Service ID Unsigned 16-bit integer rx.spare Spare/Checksum Unsigned 16-bit integer rx.type Type Unsigned 8-bit integer rx.userstatus User Status Unsigned 32-bit integer Radius Protocol (radius) radius.code Code Unsigned 8-bit integer radius.id Identifier Unsigned 8-bit integer radius.length Length Unsigned 16-bit integer Real Time Streaming Protocol (rtsp) rtsp.method Method String rtsp.status Status Unsigned 32-bit integer rtsp.url URL String Realtime Transport Protocol (rtp) Remote Procedure Call (rpc) rpc.auth.flavor Flavor Unsigned 32-bit integer rpc.auth.gid GID Unsigned 32-bit integer rpc.auth.length Length Unsigned 32-bit integer rpc.auth.machinename Machine Name String rpc.auth.stamp Stamp Unsigned 32-bit integer rpc.auth.uid UID Unsigned 32-bit integer rpc.call.dup Duplicate Call Unsigned 32-bit integer rpc.dup Duplicate Transaction Unsigned 32-bit integer rpc.fraglen Fragment Length Unsigned 32-bit integer rpc.lastfrag Last Fragment Boolean rpc.msgtyp Message Type Unsigned 32-bit integer rpc.procedure Procedure Unsigned 32-bit integer rpc.program Program Unsigned 32-bit integer rpc.programversion Program Version Unsigned 32-bit integer rpc.programversion.max Program Version (Maximum) Unsigned 32-bit integer rpc.programversion.min Program Version (Minimum) Unsigned 32-bit integer rpc.reply.dup Duplicate Reply Unsigned 32-bit integer rpc.replystat Reply State Unsigned 32-bit integer rpc.state_accept Accept State Unsigned 32-bit integer rpc.state_auth Auth State Unsigned 32-bit integer rpc.state_reject Reject State Unsigned 32-bit integer rpc.value_follows Value Follows Boolean rpc.version RPC Version Unsigned 32-bit integer rpc.version.max RPC Version (Maximum) Unsigned 32-bit integer rpc.version.min RPC Version (Minimum) Unsigned 32-bit integer rpc.xid XID Unsigned 32-bit integer Resource ReserVation Protocol (RSVP) (rsvp) rsvp.adspec ADSPEC Unsigned 8-bit integer rsvp.confirm CONFIRM Unsigned 8-bit integer rsvp.error ERROR Unsigned 8-bit integer rsvp.explicit_route EXPLICIT ROUTE Unsigned 8-bit integer rsvp.filter FILTERSPEC Unsigned 8-bit integer rsvp.flowspec FLOWSPEC Unsigned 8-bit integer rsvp.hop HOP Unsigned 8-bit integer rsvp.integrity INTEGRITY Unsigned 8-bit integer rsvp.label LABEL Unsigned 8-bit integer rsvp.label_request LABEL REQUEST Unsigned 8-bit integer rsvp.msg Message Type Unsigned 8-bit integer rsvp.obj_unknown Unknown object Unsigned 8-bit integer rsvp.path Path Message Boolean rsvp.perr Path Error Message Boolean rsvp.policy POLICY Unsigned 8-bit integer rsvp.ptear Path Tear Message Boolean rsvp.record_route RECORD ROUTE Unsigned 8-bit integer rsvp.rerr Resv Error Message Boolean rsvp.resv Resv Message Boolean rsvp.resvconf Resv Confirm Message Boolean rsvp.rtear Resv Tear Message Boolean rsvp.rtearconf Resv Tear Confirm Message Boolean rsvp.scope SCOPE Unsigned 8-bit integer rsvp.sender SENDER TEMPLATE Unsigned 8-bit integer rsvp.sender.ip Sender IPv4 address IPv4 address rsvp.sender.lsp_id Sender LSP ID Unsigned 16-bit integer rsvp.sender.port Sender port number Unsigned 16-bit integer rsvp.session SESSION Unsigned 8-bit integer rsvp.session.ext_tunnel_id Extended tunnel ID Unsigned 32-bit integer rsvp.session.ip Destination address IPv4 address rsvp.session.port Port number Unsigned 16-bit integer rsvp.session.proto Protocol Unsigned 8-bit integer rsvp.session.tunnel_id Tunnel ID Unsigned 16-bit integer rsvp.session_attribute SESSION ATTRIBUTE Unsigned 8-bit integer rsvp.style STYLE Unsigned 8-bit integer rsvp.time TIME VALUES Unsigned 8-bit integer rsvp.tspec SENDER TSPEC Unsigned 8-bit integer Rlogin Protocol (rlogin) rlogin.user_info User Info No value rlogin.window_size Window Info No value rlogin.window_size.cols Columns Unsigned 16-bit integer rlogin.window_size.rows Rows Unsigned 16-bit integer rlogin.window_size.x_pixels X Pixels Unsigned 16-bit integer rlogin.window_size.y_pixels Y Pixels Unsigned 16-bit integer Routing Information Protocol (rip) Routing Table (rtmp) nbp.nodeid Node Unsigned 8-bit integer nbp.nodeid.length Node Length Unsigned 8-bit integer rtmp.net Net Unsigned 16-bit integer rtmp.tuple.dist Distance Unsigned 16-bit integer rtmp.tuple.net Net Unsigned 16-bit integer SMB MailSlot Protocol (mailslot) SNMP Multiplex Protocol (smux) SSCOP (sscop) Sequenced Packet eXchange (spx) spx.ack Acknowledgment Number Unsigned 16-bit integer spx.alloc Allocation Number Unsigned 16-bit integer spx.ctl Connection Control Unsigned 8-bit integer spx.dst Destination Connection ID Unsigned 16-bit integer spx.seq Sequence Number Unsigned 16-bit integer spx.src Source Connection ID Unsigned 16-bit integer spx.type Datastream type Unsigned 8-bit integer Server Message Block Protocol (smb) Service Advertisement Protocol (ipxsap) ipxsap.request Request Boolean ipxsap.response Response Boolean Service Location Protocol (srvloc) srvloc.err Error Code Unsigned 8-bit integer srvloc.flags Flags Unsigned 8-bit integer srvloc.function Function Unsigned 8-bit integer srvloc.version Version Unsigned 8-bit integer Session Announcement Protocol (sap) sap.auth Authentication data No value sap.auth.flags Authentication data flags Unsigned 8-bit integer sap.auth.flags.p Padding Bit Boolean sap.auth.flags.t Authentication Type Unsigned 8-bit integer sap.auth.flags.v Version Number Unsigned 8-bit integer sap.flags Flags Unsigned 8-bit integer sap.flags.a Address Type Boolean sap.flags.c Compression Bit Boolean sap.flags.e Encryption Bit Boolean sap.flags.r Reserved Boolean sap.flags.t Message Type Boolean sap.flags.v Version Number Unsigned 8-bit integer Session Description Protocol (sdp) Short Frame (short) Simple Network Management Protocol (snmp) snmpv3.flags SNMPv3 Flags Unsigned 8-bit integer snmpv3.flags.auth Authenticated Boolean snmpv3.flags.crypt Encrypted Boolean snmpv3.flags.report Reportable Boolean Sinec H1 Protocol (h1) h1.dbnr Memory block number Unsigned 8-bit integer h1.dlen Length in words Signed 16-bit integer h1.dwnr Address within memory block Unsigned 16-bit integer h1.empty Empty field Unsigned 8-bit integer h1.empty_len Empty field length Unsigned 8-bit integer h1.header H1-Header Unsigned 16-bit integer h1.len Length indicator Unsigned 16-bit integer h1.opcode Opcode Unsigned 8-bit integer h1.opfield Operation identifier Unsigned 8-bit integer h1.oplen Operation length Unsigned 8-bit integer h1.org Memory type Unsigned 8-bit integer h1.reqlen Request length Unsigned 8-bit integer h1.request Request identifier Unsigned 8-bit integer h1.reslen Response length Unsigned 8-bit integer h1.response Response identifier Unsigned 8-bit integer h1.resvalue Response value Unsigned 8-bit integer Socks Protocol (socks) socks.command Command Unsigned 16-bit integer socks.dst Remote Address IPv4 address socks.dstV6 Remote Address IPv6 address socks.dstport Remote Port Unsigned 16-bit integer socks.username User Name String socks.ver Version Unsigned 8-bit integer Spanning Tree Protocol (stp) stp.bridge.hw Bridge Identifier 6-byte Hardware (MAC) Address stp.flags BPDU flags Unsigned 8-bit integer stp.forward Forward Delay Double-precision floating point stp.hello Hello Time Double-precision floating point stp.max_age Max Age Double-precision floating point stp.msg_age Message Age Double-precision floating point stp.port Port identifier Unsigned 16-bit integer stp.protocol Protocol Identifier Unsigned 16-bit integer stp.root.cost Root Path Cost Unsigned 32-bit integer stp.root.hw Root Identifier 6-byte Hardware (MAC) Address stp.type BPDU type Unsigned 8-bit integer stp.version Protocol Version Identifier Unsigned 8-bit integer Status Service (stat) Syslog message (syslog) syslog.facility Facility Unsigned 8-bit integer syslog.level Level Unsigned 8-bit integer syslog.msg_len Message length Unsigned 32-bit integer Systems Network Architecture (sna) sna.rh Request/Response Header No value sna.rh.0 Request/Response Header Byte 0 Unsigned 8-bit integer sna.rh.1 Request/Response Header Byte 1 Unsigned 8-bit integer sna.rh.2 Request/Response Header Byte 2 Unsigned 8-bit integer sna.rh.bbi Begin Bracket Indicator Boolean sna.rh.bci Begin Chain Indicator Boolean sna.rh.cdi Change Direction Indicator Boolean sna.rh.cebi Conditional End Bracket Indicator Boolean sna.rh.csi Code Selection Indicator Boolean sna.rh.dr1 Definite Response 1 Indicator Boolean sna.rh.dr2 Definite Response 2 Indicator Boolean sna.rh.ebi End Bracket Indicator Boolean sna.rh.eci End Chain Indicator Boolean sna.rh.edi Enciphered Data Indicator Boolean sna.rh.eri Exception Response Indicator Boolean sna.rh.fi Format Indicator Boolean sna.rh.lcci Length-Checked Compression Indicator Boolean sna.rh.pdi Padded Data Indicator Boolean sna.rh.pi Pacing Indicator Boolean sna.rh.qri Queued Response Indicator Boolean sna.rh.rlwi Request Larger Window Indicator Boolean sna.rh.rri Request/Response Indicator Unsigned 8-bit integer sna.rh.rti Response Type Indicator Boolean sna.rh.ru_category Request/Response Unit Category Unsigned 8-bit integer sna.rh.sdi Sense Data Included Boolean sna.ru Request/Response Unit No value sna.th Transmission Header No value sna.th.0 Transmission Header Byte 0 Unsigned 8-bit integer sna.th.cmd_fmt Command Format Unsigned 8-bit integer sna.th.cmd_sn Command Sequence Number Unsigned 16-bit integer sna.th.cmd_type Command Type Unsigned 8-bit integer sna.th.daf Destination Address Field Unsigned 16-bit integer sna.th.dcf Data Count Field Unsigned 16-bit integer sna.th.def Destination Element Field Unsigned 16-bit integer sna.th.dsaf Destination Subarea Address Field Unsigned 32-bit integer sna.th.efi Expedited Flow Indicator Unsigned 8-bit integer sna.th.er_vr_supp_ind ER and VR Support Indicator Unsigned 8-bit integer sna.th.ern Explicit Route Number Unsigned 8-bit integer sna.th.fid Format Identifer Unsigned 8-bit integer sna.th.iern Initial Explicit Route Number Unsigned 8-bit integer sna.th.lsid Local Session Identification Unsigned 8-bit integer sna.th.mft MPR FID4 Type Boolean sna.th.mpf Mapping Field Unsigned 8-bit integer sna.th.nlp_cp NLP Count or Padding Unsigned 8-bit integer sna.th.nlpoi NLP Offset Indicator Unsigned 8-bit integer sna.th.ntwk_prty Network Priority Unsigned 8-bit integer sna.th.oaf Origin Address Field Unsigned 16-bit integer sna.th.odai ODAI Assignment Indicator Unsigned 8-bit integer sna.th.oef Origin Element Field Unsigned 16-bit integer sna.th.osaf Origin Subarea Address Field Unsigned 32-bit integer sna.th.piubf PIU Blocking Field Unsigned 8-bit integer sna.th.sa Session Address Byte array sna.th.snai SNA Indicator Boolean sna.th.snf Sequence Number Field Unsigned 16-bit integer sna.th.tg_nonfifo_ind Transmission Group Non-FIFO Indicator Boolean sna.th.tg_snf Transmission Group Sequence Number Field Unsigned 16-bit integer sna.th.tg_sweep Transmission Group Sweep Unsigned 8-bit integer sna.th.tgsf Transmission Group Segmenting Field Unsigned 8-bit integer sna.th.tpf Transmission Priority Field Unsigned 8-bit integer sna.th.vr_cwi Virtual Route Change Window Indicator Unsigned 16-bit integer sna.th.vr_cwri Virtual Route Change Window Reply Indicator Unsigned 16-bit integer sna.th.vr_pac_cnt_ind Virtual Route Pacing Count Indicator Unsigned 8-bit integer sna.th.vr_rwi Virtual Route Reset Window Indicator Boolean sna.th.vr_snf_send Virtual Route Send Sequence Number Field Unsigned 16-bit integer sna.th.vr_sqti Virtual Route Sequence and Type Indicator Unsigned 16-bit integer sna.th.vrn Virtual Route Number Unsigned 8-bit integer sna.th.vrprq Virtual Route Pacing Request Boolean sna.th.vrprs Virtual Route Pacing Response Boolean TACACS (tacacs) tacacs.request Request Boolean tacacs.response Response Boolean tacacs.version Tacacs Version String Telnet (telnet) Time Protocol (time) time.time Time Unsigned 32-bit integer Token-Ring (tr) tr.ac Access Control Unsigned 8-bit integer tr.addr Source or Destination Address 6-byte Hardware (MAC) Address tr.broadcast Broadcast Type Unsigned 8-bit integer tr.direction Direction Unsigned 8-bit integer tr.dst Destination 6-byte Hardware (MAC) Address tr.fc Frame Control Unsigned 8-bit integer tr.frame Frame Boolean tr.frame_pcf Frame PCF Unsigned 8-bit integer tr.frame_type Frame Type Unsigned 8-bit integer tr.max_frame_size Maximum Frame Size Unsigned 8-bit integer tr.monitor_cnt Monitor Count Unsigned 8-bit integer tr.priority Priority Unsigned 8-bit integer tr.priority_reservation Priority Reservation Unsigned 8-bit integer tr.rif Ring-Bridge Pairs String tr.rif.bridge RIF Bridge Unsigned 8-bit integer tr.rif.ring RIF Ring Unsigned 16-bit integer tr.rif_bytes RIF Bytes Unsigned 8-bit integer tr.sr Source Routed Boolean tr.src Source 6-byte Hardware (MAC) Address Token-Ring Media Access Control (trmac) trmac.dstclass Destination Class Unsigned 8-bit integer trmac.errors.abort Abort Delimiter Transmitted Errors Unsigned 8-bit integer trmac.errors.ac A/C Errors Unsigned 8-bit integer trmac.errors.burst Burst Errors Unsigned 8-bit integer trmac.errors.congestion Receiver Congestion Errors Unsigned 8-bit integer trmac.errors.fc Frame-Copied Errors Unsigned 8-bit integer trmac.errors.freq Frequency Errors Unsigned 8-bit integer trmac.errors.internal Internal Errors Unsigned 8-bit integer trmac.errors.iso Isolating Errors Unsigned 16-bit integer trmac.errors.line Line Errors Unsigned 8-bit integer trmac.errors.lost Lost Frame Errors Unsigned 8-bit integer trmac.errors.noniso Non-Isolating Errors Unsigned 16-bit integer trmac.errors.token Token Errors Unsigned 8-bit integer trmac.length Total Length Unsigned 8-bit integer trmac.mvec Major Vector Unsigned 8-bit integer trmac.naun NAUN 6-byte Hardware (MAC) Address trmac.srcclass Source Class Unsigned 8-bit integer trmac.svec Sub-Vector Unsigned 8-bit integer Transmission Control Protocol (tcp) tcp.ack Acknowledgement number Unsigned 32-bit integer tcp.checksum Checksum Unsigned 16-bit integer tcp.dstport Destination Port Unsigned 16-bit integer tcp.flags Flags Unsigned 8-bit integer tcp.flags.ack Acknowledgment Boolean tcp.flags.fin Fin Boolean tcp.flags.push Push Boolean tcp.flags.reset Reset Boolean tcp.flags.syn Syn Boolean tcp.flags.urg Urgent Boolean tcp.hdr_len Header Length Unsigned 8-bit integer tcp.port Source or Destination Port Unsigned 16-bit integer tcp.seq Sequence number Unsigned 32-bit integer tcp.srcport Source Port Unsigned 16-bit integer tcp.urgent_pointer Urgent pointer Unsigned 16-bit integer tcp.window_size Window size Unsigned 16-bit integer Transparent Network Substrate Protocol (tns) tns.compat_version Version (Compatible) Unsigned 16-bit integer tns.connect Connect Boolean tns.data_flag Data Flag Unsigned 16-bit integer tns.header_checksum Header Checksum Unsigned 16-bit integer tns.length Packet Length Unsigned 32-bit integer tns.packet_checksum Packet Checksum Unsigned 16-bit integer tns.request Request Boolean tns.reserved_byte Reserved Byte Byte array tns.response Response Boolean tns.service_options Service Options Unsigned 16-bit integer tns.sns Secure Network Services Boolean tns.type Packet Type Unsigned 8-bit integer tns.version Version Unsigned 16-bit integer Trivial File Transfer Protocol (tftp) tftp.error.code Error code Unsigned 16-bit integer tftp.type Type Unsigned 16-bit integer User Datagram Protocol (udp) udp.checksum Checksum Unsigned 16-bit integer udp.dstport Destination Port Unsigned 16-bit integer udp.length Length Unsigned 16-bit integer udp.port Source or Destination Port Unsigned 16-bit integer udp.srcport Source Port Unsigned 16-bit integer Virtual Router Redundancy Protocol (vrrp) vrrp.type VRRP packet type Unsigned 8-bit integer vrrp.typever VRRP message version and type Unsigned 8-bit integer vrrp.version VRRP protocol version Unsigned 8-bit integer Virtual Trunking Protocol (vtp) vtp.code Code Unsigned 8-bit integer vtp.conf_rev_num Configuration Revision Number Unsigned 32-bit integer vtp.followers Followers Unsigned 8-bit integer vtp.md Management Domain String vtp.md5_digest MD5 Digest Byte array vtp.md_len Management Domain Length Unsigned 8-bit integer vtp.seq_num Sequence Number Unsigned 8-bit integer vtp.start_value Start Value Unsigned 16-bit integer vtp.upd_id Updater Identity IPv4 address vtp.upd_ts Update Timestamp String vtp.version Version Unsigned 8-bit integer vtp.vlan_info.802_10_index 802.10 Index Unsigned 32-bit integer vtp.vlan_info.isl_vlan_id ISL VLAN ID Unsigned 16-bit integer vtp.vlan_info.len VLAN Information Length Unsigned 8-bit integer vtp.vlan_info.mtu_size MTU Size Unsigned 16-bit integer vtp.vlan_info.status.vlan_susp VLAN suspended Boolean vtp.vlan_info.tlv_len Length Unsigned 8-bit integer vtp.vlan_info.tlv_type Type Unsigned 8-bit integer vtp.vlan_info.vlan_name VLAN Name String vtp.vlan_info.vlan_name_len VLAN Name Length Unsigned 8-bit integer vtp.vlan_info.vlan_type VLAN Type Unsigned 8-bit integer Web Cache Coordination Protocol (wccp) wccp.cache_ip Web Cache IP address IPv4 address wccp.change_num Change Number Unsigned 32-bit integer wccp.hash_revision Hash Revision Unsigned 32-bit integer wccp.message WCCP Message Type Unsigned 32-bit integer wccp.recvd_id Received ID Unsigned 32-bit integer wccp.version WCCP Version Unsigned 32-bit integer Who (who) who.boottime Boot Time Date/Time stamp who.hostname Hostname String who.idle Time Idle Unsigned 32-bit integer who.loadav_10 Load Average Over Past 10 Minutes Double-precision floating point who.loadav_15 Load Average Over Past 15 Minutes Double-precision floating point who.loadav_5 Load Average Over Past 5 Minutes Double-precision floating point who.recvtime Receive Time Date/Time stamp who.sendtime Send Time Date/Time stamp who.timeon Time On Date/Time stamp who.tty TTY Name String who.type Type Unsigned 8-bit integer who.uid User ID String who.vers Version Unsigned 8-bit integer who.whoent Who utmp Entry No value X.25 (x25) x25.d D Bit Boolean x25.lcn Logical Channel Unsigned 16-bit integer x25.m M Bit Boolean x25.mod Modulo Unsigned 16-bit integer x25.p_r P(R) Unsigned 8-bit integer x25.p_s P(S) Unsigned 8-bit integer x25.q Q Bit Boolean x25.type Packet Type Unsigned 8-bit integer X11 (x11) x11.acceleration-denominator acceleration-denominator Signed 16-bit integer x11.acceleration-numerator acceleration-numerator Signed 16-bit integer x11.access-mode access-mode Unsigned 8-bit integer x11.address address Byte array x11.address-length address-length Unsigned 16-bit integer x11.alloc alloc Unsigned 8-bit integer x11.allow-events-mode allow-events-mode Unsigned 8-bit integer x11.allow-exposures allow-exposures Unsigned 8-bit integer x11.arc arc No value x11.arc.angle1 angle1 Signed 16-bit integer x11.arc.angle2 angle2 Signed 16-bit integer x11.arc.height height Unsigned 16-bit integer x11.arc.mode mode Unsigned 8-bit integer x11.arc.width width Unsigned 16-bit integer x11.arc.x x Signed 16-bit integer x11.arc.y y Signed 16-bit integer x11.arcs arcs No value x11.atom atom Unsigned 32-bit integer x11.auto-repeat-mode auto-repeat-mode Unsigned 8-bit integer x11.back-blue back-blue Unsigned 16-bit integer x11.back-green back-green Unsigned 16-bit integer x11.back-red back-red Unsigned 16-bit integer x11.background background Unsigned 32-bit integer x11.background-pixel background-pixel Unsigned 32-bit integer x11.background-pixmap background-pixmap Unsigned 32-bit integer x11.backing-pixel backing-pixel Unsigned 32-bit integer x11.backing-planes backing-planes Unsigned 32-bit integer x11.backing-store backing-store Unsigned 8-bit integer x11.bell-duration bell-duration Signed 16-bit integer x11.bell-percent bell-percent Signed 8-bit integer x11.bell-pitch bell-pitch Signed 16-bit integer x11.bit-gravity bit-gravity Unsigned 8-bit integer x11.bit-plane bit-plane Unsigned 32-bit integer x11.blue blue Unsigned 16-bit integer x11.blues blues Unsigned 16-bit integer x11.border-pixel border-pixel Unsigned 32-bit integer x11.border-pixmap border-pixmap Unsigned 32-bit integer x11.border-width border-width Unsigned 16-bit integer x11.button button Unsigned 8-bit integer x11.cap-style cap-style Unsigned 8-bit integer x11.change-host-mode change-host-mode Unsigned 8-bit integer x11.cid cid Unsigned 32-bit integer x11.class class Unsigned 8-bit integer x11.clip-mask clip-mask Unsigned 32-bit integer x11.clip-x-origin clip-x-origin Signed 16-bit integer x11.clip-y-origin clip-y-origin Signed 16-bit integer x11.close-down-mode close-down-mode Unsigned 8-bit integer x11.cmap cmap Unsigned 32-bit integer x11.color-items color-items No value x11.coloritem coloritem No value x11.coloritem.blue blue Unsigned 16-bit integer x11.coloritem.flags flags Unsigned 8-bit integer x11.coloritem.flags.do-blue do-blue Boolean x11.coloritem.flags.do-green do-green Boolean x11.coloritem.flags.do-red do-red Boolean x11.coloritem.flags.unused unused Boolean x11.coloritem.green green Unsigned 16-bit integer x11.coloritem.pixel pixel Unsigned 32-bit integer x11.coloritem.red red Unsigned 16-bit integer x11.coloritem.unused unused No value x11.colormap colormap Unsigned 32-bit integer x11.colors colors Unsigned 16-bit integer x11.configure-window-mask configure-window-mask Unsigned 16-bit integer x11.configure-window-mask.border-width border-width Boolean x11.configure-window-mask.height height Boolean x11.configure-window-mask.sibling sibling Boolean x11.configure-window-mask.stack-mode stack-mode Boolean x11.configure-window-mask.width width Boolean x11.configure-window-mask.x x Boolean x11.configure-window-mask.y y Boolean x11.confine-to confine-to Unsigned 32-bit integer x11.contiguous contiguous Boolean x11.coordinate-mode coordinate-mode Unsigned 8-bit integer x11.count count Unsigned 8-bit integer x11.cursor cursor Unsigned 32-bit integer x11.dash-offset dash-offset Unsigned 16-bit integer x11.dashes dashes Byte array x11.dashes-length dashes-length Unsigned 16-bit integer x11.data data Byte array x11.data-length data-length Unsigned 32-bit integer x11.delete delete Boolean x11.delta delta Signed 16-bit integer x11.depth depth Unsigned 8-bit integer x11.direction direction Unsigned 8-bit integer x11.do-acceleration do-acceleration Boolean x11.do-not-propagate-mask do-not-propagate-mask Unsigned 32-bit integer x11.do-not-propagate-mask.Button1Motion Button1Motion Boolean x11.do-not-propagate-mask.Button2Motion Button2Motion Boolean x11.do-not-propagate-mask.Button3Motion Button3Motion Boolean x11.do-not-propagate-mask.Button4Motion Button4Motion Boolean x11.do-not-propagate-mask.Button5Motion Button5Motion Boolean x11.do-not-propagate-mask.ButtonMotion ButtonMotion Boolean x11.do-not-propagate-mask.ButtonPress ButtonPress Boolean x11.do-not-propagate-mask.ButtonRelease ButtonRelease Boolean x11.do-not-propagate-mask.KeyPress KeyPress Boolean x11.do-not-propagate-mask.KeyRelease KeyRelease Boolean x11.do-not-propagate-mask.PointerMotion PointerMotion Boolean x11.do-not-propagate-mask.erroneous-bits erroneous-bits Boolean x11.do-threshold do-threshold Boolean x11.drawable drawable Unsigned 32-bit integer x11.dst-drawable dst-drawable Unsigned 32-bit integer x11.dst-gc dst-gc Unsigned 32-bit integer x11.dst-window dst-window Unsigned 32-bit integer x11.dst-x dst-x Signed 16-bit integer x11.dst-y dst-y Signed 16-bit integer x11.event-mask event-mask Unsigned 32-bit integer x11.event-mask.Button1Motion Button1Motion Boolean x11.event-mask.Button2Motion Button2Motion Boolean x11.event-mask.Button3Motion Button3Motion Boolean x11.event-mask.Button4Motion Button4Motion Boolean x11.event-mask.Button5Motion Button5Motion Boolean x11.event-mask.ButtonMotion ButtonMotion Boolean x11.event-mask.ButtonPress ButtonPress Boolean x11.event-mask.ButtonRelease ButtonRelease Boolean x11.event-mask.ColormapChange ColormapChange Boolean x11.event-mask.EnterWindow EnterWindow Boolean x11.event-mask.Exposure Exposure Boolean x11.event-mask.FocusChange FocusChange Boolean x11.event-mask.KeyPress KeyPress Boolean x11.event-mask.KeyRelease KeyRelease Boolean x11.event-mask.KeymapState KeymapState Boolean x11.event-mask.LeaveWindow LeaveWindow Boolean x11.event-mask.OwnerGrabButton OwnerGrabButton Boolean x11.event-mask.PointerMotion PointerMotion Boolean x11.event-mask.PointerMotionHint PointerMotionHint Boolean x11.event-mask.PropertyChange PropertyChange Boolean x11.event-mask.ResizeRedirect ResizeRedirect Boolean x11.event-mask.StructureNotify StructureNotify Boolean x11.event-mask.SubstructureNotify SubstructureNotify Boolean x11.event-mask.SubstructureRedirect SubstructureRedirect Boolean x11.event-mask.VisibilityChange VisibilityChange Boolean x11.event-mask.erroneous-bits erroneous-bits Boolean x11.exposures exposures Boolean x11.family family Unsigned 8-bit integer x11.fid fid Unsigned 32-bit integer x11.fill-rule fill-rule Unsigned 8-bit integer x11.fill-style fill-style Unsigned 8-bit integer x11.first-keycode first-keycode Unsigned 8-bit integer x11.focus focus Unsigned 8-bit integer x11.font font Unsigned 32-bit integer x11.fore-blue fore-blue Unsigned 16-bit integer x11.fore-green fore-green Unsigned 16-bit integer x11.fore-red fore-red Unsigned 16-bit integer x11.foreground foreground Unsigned 32-bit integer x11.format format Unsigned 8-bit integer x11.function function Unsigned 8-bit integer x11.gc gc Unsigned 32-bit integer x11.gc-dashes gc-dashes Unsigned 8-bit integer x11.gc-value-mask gc-value-mask Unsigned 32-bit integer x11.gc-value-mask.arc-mode arc-mode Boolean x11.gc-value-mask.background background Boolean x11.gc-value-mask.cap-style cap-style Boolean x11.gc-value-mask.clip-mask clip-mask Boolean x11.gc-value-mask.clip-x-origin clip-x-origin Boolean x11.gc-value-mask.clip-y-origin clip-y-origin Boolean x11.gc-value-mask.dash-offset dash-offset Boolean x11.gc-value-mask.fill-rule fill-rule Boolean x11.gc-value-mask.fill-style fill-style Boolean x11.gc-value-mask.font font Boolean x11.gc-value-mask.foreground foreground Boolean x11.gc-value-mask.function function Boolean x11.gc-value-mask.gc-dashes gc-dashes Boolean x11.gc-value-mask.graphics-exposures graphics-exposures Boolean x11.gc-value-mask.join-style join-style Boolean x11.gc-value-mask.line-style line-style Boolean x11.gc-value-mask.line-width line-width Boolean x11.gc-value-mask.plane-mask plane-mask Boolean x11.gc-value-mask.stipple stipple Boolean x11.gc-value-mask.subwindow-mode subwindow-mode Boolean x11.gc-value-mask.tile tile Boolean x11.gc-value-mask.tile-stipple-x-origin tile-stipple-x-origin Boolean x11.gc-value-mask.tile-stipple-y-origin tile-stipple-y-origin Boolean x11.get-property-type get-property-type Unsigned 32-bit integer x11.grab_window grab_window Unsigned 32-bit integer x11.graphics-exposures graphics-exposures Boolean x11.green green Unsigned 16-bit integer x11.greens greens Unsigned 16-bit integer x11.height height Unsigned 16-bit integer x11.image-format image-format Unsigned 8-bit integer x11.image-pixmap-format image-pixmap-format Unsigned 8-bit integer x11.interval interval Signed 16-bit integer x11.items items No value x11.join-style join-style Unsigned 8-bit integer x11.key key Unsigned 8-bit integer x11.key-click-percent key-click-percent Signed 8-bit integer x11.keyboard-key keyboard-key Unsigned 8-bit integer x11.keyboard-mode keyboard-mode Unsigned 8-bit integer x11.keyboard-value-mask keyboard-value-mask Unsigned 32-bit integer x11.keyboard-value-mask.auto-repeat-mode auto-repeat-mode Boolean x11.keyboard-value-mask.bell-duration bell-duration Boolean x11.keyboard-value-mask.bell-percent bell-percent Boolean x11.keyboard-value-mask.bell-pitch bell-pitch Boolean x11.keyboard-value-mask.key-click-percent key-click-percent Boolean x11.keyboard-value-mask.keyboard-key keyboard-key Boolean x11.keyboard-value-mask.led led Boolean x11.keyboard-value-mask.led-mode led-mode Boolean x11.keycode-count keycode-count Unsigned 8-bit integer x11.keycodes keycodes No value x11.keycodes-per-modifier keycodes-per-modifier Unsigned 8-bit integer x11.keycodes.item item Byte array x11.keysyms keysyms No value x11.keysyms-per-keycode keysyms-per-keycode Unsigned 8-bit integer x11.keysyms.item item No value x11.keysyms.item.keysym keysym Unsigned 32-bit integer x11.led led Unsigned 8-bit integer x11.led-mode led-mode Unsigned 8-bit integer x11.left-pad left-pad Unsigned 8-bit integer x11.line-style line-style Unsigned 8-bit integer x11.line-width line-width Unsigned 16-bit integer x11.long-length long-length Unsigned 32-bit integer x11.long-offset long-offset Unsigned 32-bit integer x11.map map Byte array x11.map-length map-length Unsigned 8-bit integer x11.mask mask Unsigned 32-bit integer x11.mask-char mask-char Unsigned 16-bit integer x11.mask-font mask-font Unsigned 32-bit integer x11.max-names max-names Unsigned 16-bit integer x11.mid mid Unsigned 32-bit integer x11.mode mode Unsigned 8-bit integer x11.modifiers-mask modifiers-mask Unsigned 16-bit integer x11.modifiers-mask.AnyModifier AnyModifier Unsigned 16-bit integer x11.modifiers-mask.Control Control Boolean x11.modifiers-mask.Lock Lock Boolean x11.modifiers-mask.Mod1 Mod1 Boolean x11.modifiers-mask.Mod2 Mod2 Boolean x11.modifiers-mask.Mod3 Mod3 Boolean x11.modifiers-mask.Mod4 Mod4 Boolean x11.modifiers-mask.Mod5 Mod5 Boolean x11.modifiers-mask.Shift Shift Boolean x11.modifiers-mask.erroneous-bits erroneous-bits Boolean x11.name name String x11.name-length name-length Unsigned 16-bit integer x11.odd-length odd-length Boolean x11.only-if-exists only-if-exists Boolean x11.opcode opcode Unsigned 8-bit integer x11.ordering ordering Unsigned 8-bit integer x11.override-redirect override-redirect Boolean x11.owner owner Unsigned 32-bit integer x11.owner-events owner-events Boolean x11.parent parent Unsigned 32-bit integer x11.path path No value x11.path.string string String x11.pattern pattern String x11.pattern-length pattern-length Unsigned 16-bit integer x11.percent percent Unsigned 8-bit integer x11.pid pid Unsigned 32-bit integer x11.pixel pixel Unsigned 32-bit integer x11.pixels pixels No value x11.pixels_item pixels_item Unsigned 32-bit integer x11.pixmap pixmap Unsigned 32-bit integer x11.plane-mask plane-mask Unsigned 32-bit integer x11.planes planes Unsigned 16-bit integer x11.point point No value x11.point-x point-x Signed 16-bit integer x11.point-y point-y Signed 16-bit integer x11.pointer-event-mask pointer-event-mask Unsigned 16-bit integer x11.pointer-event-mask.Button1Motion Button1Motion Boolean x11.pointer-event-mask.Button2Motion Button2Motion Boolean x11.pointer-event-mask.Button3Motion Button3Motion Boolean x11.pointer-event-mask.Button4Motion Button4Motion Boolean x11.pointer-event-mask.Button5Motion Button5Motion Boolean x11.pointer-event-mask.ButtonMotion ButtonMotion Boolean x11.pointer-event-mask.ButtonPress ButtonPress Boolean x11.pointer-event-mask.ButtonRelease ButtonRelease Boolean x11.pointer-event-mask.EnterWindow EnterWindow Boolean x11.pointer-event-mask.KeymapState KeymapState Boolean x11.pointer-event-mask.LeaveWindow LeaveWindow Boolean x11.pointer-event-mask.PointerMotion PointerMotion Boolean x11.pointer-event-mask.PointerMotionHint PointerMotionHint Boolean x11.pointer-event-mask.erroneous-bits erroneous-bits Boolean x11.pointer-mode pointer-mode Unsigned 8-bit integer x11.points points No value x11.prefer-blanking prefer-blanking Unsigned 8-bit integer x11.properties properties No value x11.properties.item item Unsigned 32-bit integer x11.property property Unsigned 32-bit integer x11.property-number property-number Unsigned 16-bit integer x11.rectangle rectangle No value x11.rectangle-height rectangle-height Unsigned 16-bit integer x11.rectangle-width rectangle-width Unsigned 16-bit integer x11.rectangle-x rectangle-x Signed 16-bit integer x11.rectangle-y rectangle-y Signed 16-bit integer x11.rectangles rectangles No value x11.red red Unsigned 16-bit integer x11.reds reds Unsigned 16-bit integer x11.request request Unsigned 8-bit integer x11.request-length request-length Unsigned 16-bit integer x11.requestor requestor Unsigned 32-bit integer x11.resource resource Unsigned 32-bit integer x11.revert-to revert-to Unsigned 8-bit integer x11.save-set-mode save-set-mode Unsigned 8-bit integer x11.save-under save-under Boolean x11.screen-saver-mode screen-saver-mode Unsigned 8-bit integer x11.segment segment No value x11.segment_x1 segment_x1 Signed 16-bit integer x11.segment_x2 segment_x2 Signed 16-bit integer x11.segment_y1 segment_y1 Signed 16-bit integer x11.segment_y2 segment_y2 Signed 16-bit integer x11.segments segments No value x11.selection selection Unsigned 32-bit integer x11.shape shape Unsigned 8-bit integer x11.sibling sibling Unsigned 32-bit integer x11.source-char source-char Unsigned 16-bit integer x11.source-font source-font Unsigned 32-bit integer x11.source-pixmap source-pixmap Unsigned 32-bit integer x11.src-cmap src-cmap Unsigned 32-bit integer x11.src-drawable src-drawable Unsigned 32-bit integer x11.src-gc src-gc Unsigned 32-bit integer x11.src-height src-height Unsigned 16-bit integer x11.src-width src-width Unsigned 16-bit integer x11.src-window src-window Unsigned 32-bit integer x11.src-x src-x Signed 16-bit integer x11.src-y src-y Signed 16-bit integer x11.stack-mode stack-mode Unsigned 8-bit integer x11.start start Unsigned 32-bit integer x11.stipple stipple Unsigned 32-bit integer x11.stop stop Unsigned 32-bit integer x11.str-number-in-path str-number-in-path Unsigned 16-bit integer x11.string string String x11.string-length string-length Unsigned 32-bit integer x11.string16 string16 String x11.string16.bytes bytes Byte array x11.subwindow-mode subwindow-mode Unsigned 8-bit integer x11.target target Unsigned 32-bit integer x11.textitem textitem No value x11.textitem.font font Unsigned 32-bit integer x11.textitem.string string No value x11.textitem.string.delta delta Signed 8-bit integer x11.textitem.string.string16 string16 String x11.textitem.string.string16.bytes bytes Byte array x11.textitem.string.string8 string8 String x11.threshold threshold Signed 16-bit integer x11.tile tile Unsigned 32-bit integer x11.tile-stipple-x-origin tile-stipple-x-origin Signed 16-bit integer x11.tile-stipple-y-origin tile-stipple-y-origin Signed 16-bit integer x11.time time Unsigned 32-bit integer x11.timeout timeout Signed 16-bit integer x11.type type Unsigned 32-bit integer x11.undecoded undecoded No value x11.unused unused No value x11.visual visual Unsigned 32-bit integer x11.visualid visualid Unsigned 32-bit integer x11.warp-pointer-dst-window warp-pointer-dst-window Unsigned 32-bit integer x11.warp-pointer-src-window warp-pointer-src-window Unsigned 32-bit integer x11.wid wid Unsigned 32-bit integer x11.width width Unsigned 16-bit integer x11.win-gravity win-gravity Unsigned 8-bit integer x11.window window Unsigned 32-bit integer x11.window-class window-class Unsigned 16-bit integer x11.window-value-mask window-value-mask Unsigned 32-bit integer x11.window-value-mask.background-pixel background-pixel Boolean x11.window-value-mask.background-pixmap background-pixmap Boolean x11.window-value-mask.backing-pixel backing-pixel Boolean x11.window-value-mask.backing-planes backing-planes Boolean x11.window-value-mask.backing-store backing-store Boolean x11.window-value-mask.bit-gravity bit-gravity Boolean x11.window-value-mask.border-pixel border-pixel Boolean x11.window-value-mask.border-pixmap border-pixmap Boolean x11.window-value-mask.colormap colormap Boolean x11.window-value-mask.cursor cursor Boolean x11.window-value-mask.do-not-propagate-mask do-not-propagate-mask Boolean x11.window-value-mask.event-mask event-mask Boolean x11.window-value-mask.override-redirect override-redirect Boolean x11.window-value-mask.save-under save-under Boolean x11.window-value-mask.win-gravity win-gravity Boolean x11.x x Signed 16-bit integer x11.y y Signed 16-bit integer Yahoo Messenger Protocol (yhoo) yhoo.connection_id Connection ID Unsigned 32-bit integer yhoo.content Content String yhoo.len Packet Length Unsigned 32-bit integer yhoo.magic_id Magic ID Unsigned 32-bit integer yhoo.msgtype Message Type Unsigned 32-bit integer yhoo.nick1 Real Nick (nick1) String yhoo.nick2 Active Nick (nick2) String yhoo.service Service Type Unsigned 32-bit integer yhoo.unknown1 Unknown 1 Unsigned 32-bit integer yhoo.version Version String Yellow Pages Bind (ypbind) Yellow Pages Service (ypserv) ypserv.domain Domain String ypserv.key Key String ypserv.map Map Name String ypserv.servesdomain Serves Domain Boolean ypserv.status Status Boolean ypserv.value Value String Yellow Pages Transfer (ypxfr)FILES
/etc/ethers is consulted to correlate 6-byte hardware addresses to names. If an address is not found in /etc/ethers, the $HOME/.ethereal/ethers file is consulted next. Each line contains one hardware address and name, separated by whitespace. The digits of the hardware address are separated by either a colon (:), a dash (-), or a period (.). The following three lines are valid lines of an ethers file: ff:ff:ff:ff:ff:ff Broadcast c0-00-ff-ff-ff-ff TR_broadcast 00.00.00.00.00.00 Zero_broadcast /usr/local/etc/manuf matches the 3-byte vendor portion of a 6-byte hardware address with the manufacturer's name. The format of the file is the same as the /etc/ethers file, except that each address is three bytes instead of six. /etc/ipxnets and $HOME/.ethereal/ipxnets correlate 4-byte IPX network numbers to names. The format is the same as the /etc/ethers file, except that each address if four bytes instead of six. Additionally, the address can be represented a single hexadecimal number, as is more common in the IPX world, rather than four hex octets. For example, these four lines are valid lines of an ipxnets file. C0.A8.2C.00 HR c0-a8-1c-00 CEO 00:00:BE:EF IT_Server1 110f FileServer3SEE ALSO
the ethereal(1) manpage, the tcpdump(8) manpage, the pcap(3) manpageNOTES
Tethereal is part of the Ethereal distribution. The latest version of Ethereal can be found at http://ethereal.zing.org.AUTHORS
Tethereal uses the same packet dissection code that Ethereal does, as well as using many other modules from Ethereal; see the list of authors in the Ethereal man page for a list of authors of that code.
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |