Content-type: text/html Manpage of ETHEREAL

ETHEREAL

Section: The Ethereal Network Analyzer (1)
Updated: perl 5.005, patch 03
Index Return to Main Contents

NAME

Ethereal - Interactively browse network traffic

SYNOPSYS

ethereal [ -B byte view height ] [ -b bold font ] [ -c count ] [ -D ] [ -f filter expression ] [ -h ] [ -i interface ] [ -k ] [ -m font ] [ -n ] [ -P packet list height ] [ -Q ] [ -r infile ] [ -R filter expression ] [ -S ] [ -s snaplen ] [ -T tree view height ] [ -t time stamp format ] [ -v ] [ -w savefile]

DESCRIPTION

Ethereal is a GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file. Ethereal knows how to read libpcap capture files, including those of tcpdump. In addition, Ethereal can read capture files from snoop (including Shomiti) and atmsnoop, LanAlyzer, Sniffer (compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray, Sniffer Pro, RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, HP-UX's nettl, the dump output from Toshiba's ISDN routers, and i4btrace from the ISDN4BSD project. There is no need to tell Ethereal what type of file you are reading; it will determine the file type by itself. Ethereal is also capable of reading any of these file formats if they are compressed using gzip. Ethereal recognizes this directly from the file; the `.gz' extension is not required for this purpose.

Like other protocol analyzers, Ethereal's main window shows 3 views of a packet. It shows a summary line, briefly describing what the packet is. A protocol tree is shown, allowing you to drill down to exact protocol or field that you interested in. Finally, a hex dump shows you exactly what the packet looks like when it goes over the wire.

In addition, Ethereal has some features that make it unique. It can assemble all the packets in a TCP conversation and show you the ASCII (or EBCDIC) data in that conversation. Display filters in Ethereal are very powerful; more fields are filterable in Ethereal than in other protocol analyzers, and the syntax you can use to create your filters is richer. As Ethereal progresses, expect more and more protocol fields to be allowed in display filters.

Packet capturing is performed with the pcap library. The capture filter syntax follows the rules of the pcap library. This syntax is different from the display filter syntax.

Compressed file support uses (and therefore requires) the zlib library. If the zlib library is not present, Ethereal will compile, but will be unable to read compressed files.

OPTIONS

-B: Sets the initial height of the byte view (bottom) pane.
-b: Sets the name of the bold font used for the data in the byte view pane that corresponds to the field selected in the protocol tree pane.
-c: Sets the default number of packets to read when capturing live data.
-D: Turns off treating the original IPv4 TOS field as the Differentiated Services Field. The structure of the DS Field is defined in RFC 2474.
-f: Sets the capture filter expression.
-h: Prints the version and options and exits.
-i: Sets the name of the network interface to use for live packet capture. It should match one of the names listed in ``netstat -i'' or ``ifconfig -a''.
-k: Starts the capture session immediately. If the -i flag was specified, the capture uses the specified interface. Otherwise, Ethereal searches the list of interfaces, choosing the first non-loopback interface if there are any non-loopback interfaces, and choosing the first loopback interface if there are no non-loopback interfaces; if there are no interfaces, Ethereal reports an error and doesn't start the capture.
-m: Sets the name of the font used by Ethereal for most text.
-n: Disables network object name resolution (such as hostname, TCP and UDP port names).
-P: Sets the initial height of the packet list (top) pane.
-Q: Causes Ethereal to exit after the end of capture session (useful in batch mode with -c option for instance); this option requires the -i and -w parameters.
-r: Reads packet data from file.
-R: When reading a capture file specified with the -r flag, causes the specified filter (which uses the syntax of display filters, rather than that of capture filters) to be applied to all packets read from the capture file; packets not matching the filter are discarded.
-S: Specifies that the live packet capture will be performed in a separate process, and that the packet display will automatically be updated as packets are seen.
-s: Sets the default snapshot length to use when capturing live data. No more than snaplen bytes of each network packet will be read into memory, or saved to disk.
-T: Sets the initial height of the tree view (middle) pane.
-t: Sets the format of the packet timestamp displayed in the packet list window. The format can be one of `r' (relative), `a' (absolute), or `d' (delta). The relative time is the time elapsed between the first packet and the current packet. The absolute time is the actual date and time the packet was captured. The delta time is the time since the previous packet was captured. The default is relative.
-v: Prints the version and exits.
-w: Sets the default capture file name.

INTERFACE

MENU ITEMS

File:Open, File:Close, File:Reload: Open, close, or reload a capture file. The File:Open dialog box allows a filter to be specified; when the capture file is read, the filter is applied to all packets read from the file, and packets not matching the filter are discarded.
File:Save, File:Save As: Save the current capture, or the packets currently displayed from that capture, to a file. A check box lets you select whether to save all packets, or just those that have passed the current display filter, and an option menu lets you select (from a list of file formats in which at particular capture, or the packets currently displayed from that capture, can be saved), a file format in which to save it.
File:Print: Prints, for all the packets in the current capture, either the summary line for the packet or the protocol tree view of the packet; when printing the protocol tree view, the hex dump of the packet can be printed as well. Printing options can be set with the Edit:Preferences menu item, or in the dialog box popped up by this item.
File:Print Packet: Print a fully-expanded protocol tree view of the currently-selected packet. Printing options can be set with the Edit:Preferences menu item.
File:Quit: Exits the application.
Edit:Find Frame: Allows you to search forward or backward, starting with the currently selected packet (or the most recently selected packet, if no packet is selected), for a packet matching a given display filter.
Edit:Go To Frame: Allows you to go to a particular numbered packet.
Edit:Preferences: Sets the packet printing, column display, TCP stream coloring, and GUI options (see the section on Preferences below).
Edit:Filters: Edits the saved list of filters, allowing filters to be added, changed, or deleted, and lets a selected filter be applied to the current capture, if any.
Capture:Start: Initiates a live packet capture (see the section on Capture Preferences below). A temporary file will be created to hold the capture. The location of the file can be chosen by setting your TMPDIR environment variable before starting Ethereal. Otherwise, the default TMPDIR location is system-dependent, but is likely either /var/tmp or /tmp.
Display:Options: Allows you to sets the format of the packet timestamp displayed in the packet list window to relative, absolute, or delta, to enable or disable the automatic scrolling of the packet list while a live capture is in progress, to enable or disable translation of addresses to names in the display, or to enable or disable interpretation of the IPv4 TOS field as the Differentiated Services field.
Display:Match Selected: Creates and applies a display filter based on the data that is currently highlighted in the protocol tree. If that data is a field that can be tested in a display filter expression, the display filter will test that field; otherwise, the display filter will be based on absolute offset within the packet, and so could be unreliable if the packet contains protocols with variable-length headers, such as a source-routed token-ring packet.
Display:Colorize Display: Allows you to change the foreground and background colors of the packet information in the list of packets, based upon display filters. The list of display filters is applied to each packet sequentially. After the first display filter matches a packet, any additional display filters in the list are ignored. Therefore, if you are filtering on the existence of protocols, you should list the higher-level protocols first, and the lower-level protocols last.
Display:Collapse All: Collapses the protocol tree branches.
Display:Expand All: Expands all branches of the protocol tree.
Display:Expand All: Expands all branches of the protocol tree.
Display:Show Packet In New Window: Creates a new window containing a protocol tree view and a hex dump window of the currently selected packet; this window will continue to display that packet's protocol tree and data even if another packet is selected.
Tools:Plugins: Allows you to use and configure dynamically loadable modules (see the section on Plugins below).
Tools:Follow TCP Stream: If you have a TCP packet selected, it will display the contents of the data stream for the TCP connection to which that packet belongs, as text, in a separate window, and will leave the list of packets in a filtered state, with only those packets that are part of that TCP connection being displayed. You can revert to your old view by pressing ENTER in the display filter text box, thereby invoking your old display filter (or resetting it back to no display filter).
The window in which the data stream is displayed lets you select whether the data being displayed is to be treated as ASCII or EBCDIC text, and lets you print the text, using the same print options that are used for the File:Print Packet menu item.

WINDOWS

Main Window

The main window is split into three panes. You can resize each pane using a ``thumb'' at the right end of each divider line. Below the panes is a strip that shows the file load progress, current filter, and informational text.

Top Pane

The top pane contains the list of network packets that you can scroll through and select. By default, the packet number, packet timestamp, source and destination addresses, protocol, and description are displayed for each packet; the Columns page in the dialog box popped up by Edit:Preferences lets you change this (although, unfortunately, you currently have to save the preferences, and exit and restart Ethereal, for those changes to take effect).

If you click on the heading for a column, the display will be sorted by that column; clicking on the heading again will reverse the sort order for that column.

An effort is made to display information as high up the protocol stack as possible, e.g. IP addresses are displayed for IP packets, but the MAC layer address is displayed for unknown packet types.

The right mouse button can be used to pop up a menu of operations.

Middle Pane

The middle pane contains a protocol tree for the currently-selected packet. The tree displays each field and its value in each protocol header in the stack. The right mouse button can be used to pop up a menu of operations.

Bottom Pane

The lowest pane contains a hex dump of the actual packet data. Selecting a field in the protocol tree highlights the corresponding bytes in this section.

Current Filter

A display filter can be entered into the strip at the bottom. A filter for HTTP, HTTPS, and DNS traffic might look like this:

  tcp.port == 80 || tcp.port == 443 || tcp.port == 53

Selecting the Filter: button lets you choose from a list of named filters that you can optionally save. Pressing the Return or Enter keys will cause the filter to be applied to the current list of packets. Selecting the Reset button clears the display filter so that all packets are displayed.

Preferences

The Preferences dialog lets you control various personal preferences for the behavior of Ethereal.

Printing Preferences

The radio buttons at the top of the Printing page allow you choose between printing packets with the File:Print Packet menu item as text or PostScript, and sending the output directly to a command or saving it to a file. The Command: text entry box is the command to send files to (usually lpr), and the File: entry box lets you enter the name of the file you wish to save to. Additionally, you can select the File: button to browse the file system for a particular save file.

Column Preferences

The Columns page lets you specify the number, title, and format of each column in the packet list.

The Column title entry is used to specify the title of the column displayed at the top of the packet list. The type of data that the column displays can be specified using the Column format option menu. The row of buttons on the left perform the following actions:

New

Adds a new column to the list.

Change

Modifies the currently selected list item.

Delete

Deletes the currently selected list item.

Up / Down

Moves the selected list item up or down one position.

OK

Currently has no effect.

Save

Saves the current column format as the default.

Cancel

Closes the dialog without making any changes.

TCP Stream Preferences

The TCP Streams page can be used to change the color of the text displayed in the TCP stream window. To change a color, simply select an attribute from the ``Set:'' menu and use the color selector to get the desired color. The new text colors are displayed in a sample window.

GUI Preferences

The GUI page is used to modify small aspects of the GUI to your own personal taste. The vertical scrollbars in the three panes can be set to be either on the left or the right. The selection bar in the packet list and protocol tree can have either a ``browse'' or ``select'' behavior. If the selection bar has a ``browse'' behavior, the arrow keys will move an outline of the selection bar, allowing you to browse the rest of the list or tree without changing the selection until you press the space bar. If the selection bar has a ``select'' behavior, the arrow keys will move the selection bar and change the selection to the new item in the packet list or protocol tree.

Filters

The Filters dialog lets you create and modify filters, and set the default filter to use when capturing data or opening a capture file.

The Filter name entry specifies a descriptive name for a filter, e.g. Web and DNS traffic. The Filter string entry is the text that actually describes the filtering action to take, as described above.The dialog buttons perform the following actions:

New

If there is text in the two entry boxes, it creates a new associated list item.

Change

Modifies the currently selected list item to match what's in the entry boxes.

Copy

Makes a copy of the currently selected list item.

Delete

Deletes the currently selected list item.

Apply

Sets the currently selected list item as the active filter, and applies it to the current capture, if any. (The currently selected list item must be a display filter, not a capture filter.) If nothing is selected, turns filtering off.

OK

Sets the currently selected list item as the active filter. If nothing is selected, turns filtering off.

Save

Saves the current filter list in $HOME/.ethereal/filters.

Cancel

Closes the dialog without making any changes.

Capture Preferences

The Capture Preferences dialog lets you specify various parameters for capturing live packet data.

The Interface: combo box lets you specify the interface from which to capture packet data. The Count: entry specifies the number of packets to capture. Entering 0 will capture packets indefinitely. The Filter: entry lets you specify the capture filter using a tcpdump-style filter string as described above. The File: entry specifies the file to save to, as in the Printer Options dialog above. You can specify the maximum number of bytes to capture per packet with the Capture length entry, can specify that the display should be updated as packets are captured with the Update list of packets in real time check box, can specify whether in such a capture the packet list pane should scroll to show the most recently captured packets with the Automatic scrolling in live capture check box, and can specify whether addresses should be translated to names in the display with the Enable name resolution check box.

Display Options

The Display Options dialog lets you specify the format of the time stamp in the packet list. You can select ``Time of day'' for absolute time stamps, ``Seconds since beginning of capture'' for relative time stamps, or ``Seconds since previous frame'' for delta time stamps. You can also specify whether, when the display is updated as packets are captured, the list should automatically scroll to show the most recently captured packets or not, whether addresses should be translated to names in the display, and whether IPv4 TOS field should be treated as the Differentiated Services field.

Plugins

The Plugins dialog lets you view and configure the plugins available on your system.

The Plugins List shows the name, description, version and state (enabled or not) of each plugin found on your system. The plugins are searched in the following directories: /usr/share/ethereal/plugins, /usr/local/share/ethereal/plugins and ~/.ethereal/plugins

A plugin must be activated using the Enable button in order to use it to dissect packets. It can also be deactivated with the Disable button.

The Filter button shows the filter used to select packets which should be dissected by a plugin (see the section on DISPLAY FILTER SYNTAX below). This filter can be modified.

CAPTURE FILTER SYNTAX

See manual page of tcpdump(8).

DISPLAY FILTER SYNTAX

Display filters help you remove the noise from a packet trace and let you see only the packets that interest you. If a packet meets the requirements expressed in your display filter, then it is displayed in the list of packets. Display filters let you compare the fields within a protocol against a specific value, compare fields against fields, and to check the existence of specified fields or protocols.

The simplest display filter allows you to check for the existence of a protocol or field. If you want to see all packets which contain the IPX protocol, the filter would be ``ipx''. (Without the quotation marks) To see all packets that contain a Token-Ring RIF field, use ``tr.rif''.

Fields can also be compared against values. The comparison operators can be expressed either through C-like symbols, or through English-like abbreviations:

    eq, ==    Equal
    ne, !=    Not equal
    gt, >     Greater than
    lt, <     Less Than
    ge, >=    Greater than or Equal to
    le, <=    Less than or Equal to

Furthermore, each protocol field is typed. The types are:

    Unsigned integer (either 8-bit, 16-bit, 24-bit, or 32-bit)
    Signed integer (either 8-bit, 16-bit, 24-bit, or 32-bit)
    Boolean
    Ethernet address (6 bytes)
    Byte string (n-number of bytes)
    IPv4 address
    IPv6 address
    IPX network number
    String (text)
    Double-precision floating point number

An integer may be expressed in decimal, octal, or hexadecimal notation. The following three display filters are equivalent:

    frame.pkt_len > 10
    frame.pkt_len > 012
    frame.pkt_len > 0xa

Boolean values are either true or false. However, a boolean field is present in a protocol decode only if its value is true. If the value is false, the field is not presence. You can therefore check the truth value of a boolean field by simply checking for its existence, that is, by naming the field. For example, a token-ring packet's source route field is boolean. To find any source-routed packets, the display filter is simply:

    tr.sr

Non source-routed packets can be found with the negation of that filter:

    ! tr.sr

Ethernet addresses, as well as a string of bytes, are represented in hex digits. The hex digits may be separated by colons, periods, or hyphens:

    fddi.dst eq ff:ff:ff:ff:ff:ff
    ipx.srcnode == 0.0.0.0.0.1
    eth.src == aa-aa-aa-aa-aa-aa

If a string of bytes contains only one byte, then it is represented as an unsigned integer. That is, if you are testing for hex value `ff' in a one-byte byte-string, you must compare it agains `0xff' and not `ff'.

IPv4 addresses can be represented in either dotted decimal notation, or by using the hostname:

    ip.dst eq www.mit.edu
    ip.src == 192.168.1.1

IPv4 address can be compared with the same logical relations as numbers: eq, ne, gt, ge, lt, and le. The IPv4 address is stored in host order, so you do not have to worry about how the endianness of an IPv4 address when using it in a display filter.

Classless InterDomain Routing (CIDR) notation can be used to test if an IPv4 address is in a certain subnet. For example, this display filter will find all packets in the 129.111 Class-B network:

    ip.addr == 129.111.0.0/16

Remember, the number after the slash represents the number of bits used to represent the network. CIDR notation can also be used with hostnames, in this example of finding IP addresses on the same Class C network as `sneezy':

    ip.addr eq sneezy/24

The CIDR notation can only be used on IP addresses or hostnames, not in variable names. So, a display filter like ``ip.src/24 == ip.dst/24'' is not valid. (yet)

IPX networks are represented by unsigned 32-bit integers. Most likely you will be using hexadecimal when testing for IPX network values:

    ipx.srcnet == 0xc0a82c00

A substring operator also exists. You can check the substring (byte-string) of any protocol or field. For example, you can filter on the vendor portion of an ethernet address (the first three bytes) like this:

    eth.src[0:3] == 00:00:83

Or more simply, since the number of bytes is inherent in the byte-string you provide, you can provide just the offset. The previous example can be stated like this:

    eth.src[0] == 00:00:83

In fact, the only time you need to explicitly provide a length is when you don't provide a byte-string, and are comparing fields against fields:

    fddi.src[0:3] == fddi.dst[0:3]

If the length of your byte-string is only one byte, then it must be represented in the same way as an unsigned 8-bit integer:

    llc[3] == 0xaa

You can use the substring operator on a protocol name, too. And remember, the ``frame'' protocol encompasses the entire packet, allowing you to look at the nth byte of a packet regardless of its frame type (Ethernet, token-ring, etc.).

    token[0:5] ne 0.0.0.1.1
    ipx[0:2] == ff:ff
    llc[3:1] eq 0xaa

Offsets for byte-strings can also be negative, in which case the negative number indicates the number of bytes from the end of the field or protocol that you are testing. Here's how to check the last 4 bytes of a frame:

    frame[-4] == 0.1.2.3

    frame[-4:4] == 0.1.2.3

All the above tests can be combined together with logical expressions. These too are expressable in C-like syntax or with English-like abbreviations:

    and, &&   Logical AND
    or, ||    Logical OR
    xor, ^^   Logical XOR
    not, !    Logical NOT

Expressions can be grouped by parentheses as well. The following are all valid display filter expression:

    tcp.port == 80 and ip.src == 192.168.2.1
    not llc
    (ipx.srcnet == 0xbad && ipx.srnode == 0.0.0.0.0.1) || ip
    tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29

A special caveat must be given regarding fields that occur more than once per packet. ``ip.addr'' occurs twice per IP packet, once for the source address, and once for the destination address. Likewise, tr.rif.ring fields can occur more than once per packet. The following two expressions are not equivalent:

        ip.addr ne 192.168.4.1
    not ip.addr eq 192.168.4.1

The first filter says ``show me all packets where an ip.addr exists that does not equal 192.168.4.1''. That is, as long as one ip.addr in the packet does not equal 192.168.44.1, the packet passes the display filter. The second filter ``don't show me any packets that have at least one ip.addr field equal to 192.168.4.1''. If one ip.addr is 192.168.4.1, the packet does not pass. If neither ip.addr fields is 192.168.4.1, then the packet passes.

It is easy to think of the `ne' and `eq' operators as having an implict ``exists'' modifier when dealing with multiply-recurring fields. ``ip.addr ne 192.168.4.1'' can be thought of as ``there exists an ip.addr that does not equal 192.168.4.1''.

Be careful with multiply-recurring fields; they can be confusing.

The following is a table of protocol and protocol fields that are filterable in Ethereal. The abbreviation of the protocol or field is given. This abbreviation is what you use in the display filter. The type of the field is also given.

802.1q Virtual LAN (vlan)

    vlan.cfi  CFI
        Unsigned 16-bit integer

    vlan.etype  Type
        Unsigned 16-bit integer

    vlan.id  ID
        Unsigned 16-bit integer

    vlan.priority  Priority
        Unsigned 16-bit integer

ATM (atm)

    atm.vci  VCI
        Unsigned 16-bit integer

    atm.vpi  VPI
        Unsigned 8-bit integer

ATM LANE (lane)

Address Resolution Protocol (arp)

    arp.dst.atm_num_e164  Target ATM number (E.164)
        String

    arp.dst.atm_num_nsap  Target ATM number (NSAP)
        Byte array

    arp.dst.atm_subaddr  Target ATM subaddress
        Byte array

    arp.dst.htl  Target ATM number type and length
        Unsigned 8-bit integer

    arp.dst.hw  Target hardware address
        Byte array

    arp.dst.pln  Target protocol size
        Unsigned 8-bit integer

    arp.dst.proto  Target protocol address
        Byte array

    arp.dst.slen  Target ATM subaddress length
        Unsigned 8-bit integer

    arp.hw.size  Hardware size
        Unsigned 8-bit integer

    arp.hw.type  Hardware type
        Unsigned 16-bit integer

    arp.opcode  Opcode
        Unsigned 16-bit integer

    arp.proto.size  Protocol size
        Unsigned 8-bit integer

    arp.proto.type  Protocol type
        Unsigned 16-bit integer

    arp.src.atm_num_e164  Sender ATM number (E.164)
        String

    arp.src.atm_num_nsap  Sender ATM number (NSAP)
        Byte array

    arp.src.atm_subaddr  Sender ATM subaddress
        Byte array

    arp.src.htl  Sender ATM number type and length
        Unsigned 8-bit integer

    arp.src.hw  Sender hardware address
        Byte array

    arp.src.pln  Sender protocol size
        Unsigned 8-bit integer

    arp.src.proto  Sender protocol address
        Byte array

    arp.src.slen  Sender ATM subaddress length
        Unsigned 8-bit integer

Andrew File System (AFS) (afs)

    afs.backup  Backup
        Boolean

    afs.backup.errcode  Error Code
        Unsigned 32-bit integer

    afs.backup.opcode  Operation
        Unsigned 32-bit integer

    afs.bos  BOS
        Boolean

    afs.bos.content  Content
        String

    afs.bos.date  Date
        Unsigned 32-bit integer

    afs.bos.errcode  Error Code
        Unsigned 32-bit integer

    afs.bos.flags  Flags
        Unsigned 32-bit integer

    afs.bos.instance  Instance
        String

    afs.bos.number  Number
        Unsigned 32-bit integer

    afs.bos.opcode  Operation
        Unsigned 32-bit integer

    afs.bos.size  Size
        Unsigned 32-bit integer

    afs.bos.status  Status
        Signed 32-bit integer

    afs.bos.type  Type
        String

    afs.cb  Callback
        Boolean

    afs.cb.callback.expires  Expires
        Date/Time stamp

    afs.cb.callback.type  Type
        Unsigned 32-bit integer

    afs.cb.callback.version  Version
        Unsigned 32-bit integer

    afs.cb.errcode  Error Code
        Unsigned 32-bit integer

    afs.cb.fid.uniq  FileID (Uniqifier)
        Unsigned 32-bit integer

    afs.cb.fid.vnode  FileID (VNode)
        Unsigned 32-bit integer

    afs.cb.fid.volume  FileID (Volume)
        Unsigned 32-bit integer

    afs.cb.opcode  Operation
        Unsigned 32-bit integer

    afs.error  Error
        Boolean

    afs.error.opcode  Operation
        Unsigned 32-bit integer

    afs.fs  File Server
        Boolean

    afs.fs.acl.a  _A_dminister
        Unsigned 8-bit integer

    afs.fs.acl.count.negative  ACL Count (Negative)
        Unsigned 32-bit integer

    afs.fs.acl.count.positive  ACL Count (Positive)
        Unsigned 32-bit integer

    afs.fs.acl.d  _D_elete
        Unsigned 8-bit integer

    afs.fs.acl.datasize  ACL Size
        Unsigned 32-bit integer

    afs.fs.acl.entity  Entity (User/Group)
        String

    afs.fs.acl.i  _I_nsert
        Unsigned 8-bit integer

    afs.fs.acl.k  _L_ock
        Unsigned 8-bit integer

    afs.fs.acl.l  _L_ookup
        Unsigned 8-bit integer

    afs.fs.acl.r  _R_ead
        Unsigned 8-bit integer

    afs.fs.acl.w  _W_rite
        Unsigned 8-bit integer

    afs.fs.callback.expires  Expires
        Date/Time stamp

    afs.fs.callback.type  Type
        Unsigned 32-bit integer

    afs.fs.callback.version  Version
        Unsigned 32-bit integer

    afs.fs.data  Data
        Byte array

    afs.fs.errcode  Error Code
        Unsigned 32-bit integer

    afs.fs.fid.uniq  FileID (Uniqifier)
        Unsigned 32-bit integer

    afs.fs.fid.vnode  FileID (VNode)
        Unsigned 32-bit integer

    afs.fs.fid.volume  FileID (Volume)
        Unsigned 32-bit integer

    afs.fs.flength  FLength
        Unsigned 32-bit integer

    afs.fs.length  Length
        Unsigned 32-bit integer

    afs.fs.name  Name
        String

    afs.fs.newname  New Name
        String

    afs.fs.offset  Offset
        Unsigned 32-bit integer

    afs.fs.oldname  Old Name
        String

    afs.fs.opcode  Operation
        Unsigned 32-bit integer

    afs.fs.symlink.content  Symlink Content
        String

    afs.fs.symlink.name  Symlink Name
        String

    afs.fs.timestamp  Timestamp
        Date/Time stamp

    afs.fs.volid  Volume ID
        Unsigned 32-bit integer

    afs.fs.volname  Volume Name
        String

    afs.kauth  Kauth
        Boolean

    afs.kauth.data  Data
        Byte array

    afs.kauth.domain  Domain
        String

    afs.kauth.errcode  Error Code
        Unsigned 32-bit integer

    afs.kauth.kvno  Key Version Number
        Unsigned 32-bit integer

    afs.kauth.name  Name
        String

    afs.kauth.opcode  Operation
        Unsigned 32-bit integer

    afs.kauth.princ  Principal
        String

    afs.kauth.realm  Realm
        String

    afs.prot  Protection
        Boolean

    afs.prot.count  Count
        Unsigned 32-bit integer

    afs.prot.errcode  Error Code
        Unsigned 32-bit integer

    afs.prot.flag  Flag
        Unsigned 32-bit integer

    afs.prot.gid  Group ID
        Unsigned 32-bit integer

    afs.prot.id  ID
        Unsigned 32-bit integer

    afs.prot.maxgid  Maximum Group ID
        Unsigned 32-bit integer

    afs.prot.maxuid  Maximum User ID
        Unsigned 32-bit integer

    afs.prot.name  Name
        String

    afs.prot.newid  New ID
        Unsigned 32-bit integer

    afs.prot.oldid  Old ID
        Unsigned 32-bit integer

    afs.prot.opcode  Operation
        Unsigned 32-bit integer

    afs.prot.pos  Position
        Unsigned 32-bit integer

    afs.prot.uid  User ID
        Unsigned 32-bit integer

    afs.rmtsys  Rmtsys
        Boolean

    afs.rmtsys.opcode  Operation
        Unsigned 32-bit integer

    afs.ubik  Ubik
        Boolean

    afs.ubik.errcode  Error Code
        Unsigned 32-bit integer

    afs.ubik.file  File
        Unsigned 32-bit integer

    afs.ubik.length  Length
        Unsigned 32-bit integer

    afs.ubik.locktype  Lock Type
        Unsigned 32-bit integer

    afs.ubik.opcode  Operation
        Unsigned 32-bit integer

    afs.ubik.position  Position
        Unsigned 32-bit integer

    afs.ubik.site  Site
        IPv4 address

    afs.ubik.syncsite  Syncsite
        Boolean

    afs.ubik.version.counter  Counter
        Unsigned 32-bit integer

    afs.ubik.version.epoch  Epoch
        Date/Time stamp

    afs.ubik.voteend  Vote Ends
        Date/Time stamp

    afs.ubik.votestart  Vote Started
        Date/Time stamp

    afs.ubik.votetype  Vote Type
        Boolean

    afs.update  Update
        Boolean

    afs.update.opcode  Operation
        Unsigned 32-bit integer

    afs.vldb  VLDB
        Boolean

    afs.vldb.bkvol  Backup Volume ID
        Unsigned 32-bit integer

    afs.vldb.bump  Bumped Volume ID
        Unsigned 32-bit integer

    afs.vldb.count  Volume Count
        Unsigned 32-bit integer

    afs.vldb.errcode  Error Code
        Unsigned 32-bit integer

    afs.vldb.id  Volume ID
        Unsigned 32-bit integer

    afs.vldb.index  Volume Index
        Unsigned 32-bit integer

    afs.vldb.name  Volume Name
        String

    afs.vldb.nextindex  Next Volume Index
        Unsigned 32-bit integer

    afs.vldb.numservers  Number of Servers
        Unsigned 32-bit integer

    afs.vldb.opcode  Operation
        Unsigned 32-bit integer

    afs.vldb.partition  Partition
        String

    afs.vldb.rovol  Read-Only Volume ID
        Unsigned 32-bit integer

    afs.vldb.rwvol  Read-Write Volume ID
        Unsigned 32-bit integer

    afs.vldb.server  Server
        IPv4 address

    afs.vldb.serveruuid  Server UUID
        Byte array

    afs.vldb.type  Volume Type
        Unsigned 32-bit integer

    afs.vol  Volume Server
        Boolean

    afs.vol.count  Volume Count
        Unsigned 32-bit integer

    afs.vol.errcode  Error Code
        Unsigned 32-bit integer

    afs.vol.id  Volume ID
        Unsigned 32-bit integer

    afs.vol.name  Volume Name
        String

    afs.vol.opcode  Operation
        Unsigned 32-bit integer

Appletalk Address Resolution Protocol (aarp)

    aarp.dst.ether  Target ether
        Byte array

    aarp.dst.id  Target ID
        Byte array

    aarp.hard.size  Hardware size
        Unsigned 8-bit integer

    aarp.hard.type  Hardware type
        Unsigned 16-bit integer

    aarp.opcode  Opcode
        Unsigned 16-bit integer

    aarp.proto.size  Protocol size
        Unsigned 8-bit integer

    aarp.proto.type  Protocol type
        Unsigned 16-bit integer

    aarp.src.ether  Sender ether
        Byte array

    aarp.src.id  Sender ID
        Byte array

Async data over ISDN (V.120) (v120)

    v120.address  Link Address
        Unsigned 16-bit integer

    v120.control  Control Field
        Unsigned 16-bit integer

    v120.header  Header Field
        String

Authentication Header (ah)

    ah.sequence  Sequence
        Unsigned 32-bit integer

    ah.spi  SPI
        Unsigned 32-bit integer

Boot Parameters (bootparams)

    bootparams.domain  Client Domain
        String

    bootparams.fileid  File ID
        String

    bootparams.filepath  File Path
        String

    bootparams.host  Client Host
        String

    bootparams.hostaddr  Client Address
        IPv4 address

    bootparams.routeraddr  Router Address
        IPv4 address

Bootstrap Protocol (bootp)

    bootp.cookie  Magic cookie
        IPv4 address

    bootp.dhcp  Frame is DHCP
        Boolean

    bootp.file  Boot file name
        String

    bootp.flag  Broadcast flag
        Unsigned 16-bit integer

    bootp.hops  Hops
        Unsigned 8-bit integer

    bootp.hw.addr  Client hardware address
        Byte array

    bootp.hw.len  Hardware address length
        Unsigned 8-bit integer

    bootp.hw.type  Hardware type
        Unsigned 8-bit integer

    bootp.id  Transaction ID
        Unsigned 32-bit integer

    bootp.ip.client  Client IP address
        IPv4 address

    bootp.ip.relay  Relay agent IP address
        IPv4 address

    bootp.ip.server  Next server IP address
        IPv4 address

    bootp.ip.your  Your (client) IP address
        IPv4 address

    bootp.secs  Seconds elapsed
        Unsigned 16-bit integer

    bootp.server  Server host name
        String

    bootp.type  Message type
        Unsigned 8-bit integer

Border Gateway Protocol (bgp)

Cisco Auto-RP (auto_rp)

    auto_rp.grp  Group mapping to this RP
        Unsigned 8-bit integer

    auto_rp.map  Auto-RP address map
        Unsigned 8-bit integer

    auto_rp.mask_sgn  Group prefix sign
        Unsigned 8-bit integer

    auto_rp.pim_ver  RP's highest PIM version
        Unsigned 8-bit integer

    auto_rp.type  Auto-RP packet type
        Unsigned 8-bit integer

    auto_rp.typever  Auto-RP message version and type
        Unsigned 8-bit integer

    auto_rp.version  Auto-RP protocol version
        Unsigned 8-bit integer

Cisco Discovery Protocol (cdp)

    cdp.flags  Flags
        Unsigned 8-bit integer

    cdp.tlv.len  Length
        Unsigned 16-bit integer

    cdp.tlv.type  Type
        Unsigned 16-bit integer

    cdp.ttl  TTL
        Unsigned 16-bit integer

    cdp.version  Version
        Unsigned 8-bit integer

Cisco Group Management Protocol (cgmp)

    cgmp.count  Count
        Unsigned 8-bit integer

    cgmp.gda  Group Destination Address
        6-byte Hardware (MAC) Address

    cgmp.type  Type
        Unsigned 8-bit integer

    cgmp.usa  Unicast Source Address
        6-byte Hardware (MAC) Address

    cgmp.version  Version
        Unsigned 8-bit integer

Cisco Hot Standby Router Protocol (hsrp)

Cisco ISL (isl)

    isl.addr  Source or Destination Address
        6-byte Hardware (MAC) Address

    isl.bpdu  BPDU
        Boolean

    isl.crc  CRC
        Unsigned 32-bit integer

    isl.dst  Destination
        6-byte Hardware (MAC) Address

    isl.dst_route_desc  Destination route descriptor
        Unsigned 16-bit integer

    isl.esize  Esize
        Unsigned 8-bit integer

    isl.explorer  Explorer
        Boolean

    isl.fcs_not_incl  FCS Not Included
        Boolean

    isl.hsa  HSA
        Unsigned 24-bit integer

    isl.index  Index
        Unsigned 16-bit integer

    isl.len  Length
        Unsigned 16-bit integer

    isl.src  Source
        6-byte Hardware (MAC) Address

    isl.src_route_desc  Source-route descriptor
        Unsigned 16-bit integer

    isl.src_vlan_id  Source VLAN ID
        Unsigned 16-bit integer

    isl.type  Type
        Unsigned 8-bit integer

    isl.user  User
        Unsigned 8-bit integer

    isl.user_eth  User
        Unsigned 8-bit integer

    isl.vlan_id  VLAN ID
        Unsigned 16-bit integer

Common Open Policy Service (cops)

    cops.client_type  Client Type
        Unsigned 16-bit integer

    cops.flags  Flags
        Unsigned 8-bit integer

    cops.msg_len  Message Length
        Unsigned 32-bit integer

    cops.obj.c_num  C-Num
        Unsigned 8-bit integer

    cops.obj.c_type  C-Type
        Unsigned 8-bit integer

    cops.obj.len  Object Length
        Unsigned 32-bit integer

    cops.op_code  Op Code
        Unsigned 8-bit integer

    cops.ver_flags  Version and Flags
        Unsigned 8-bit integer

    cops.version  Version
        Unsigned 8-bit integer

Data (data)

Datagram Delivery Protocol (ddp)

    ddp.checksum  Checksum
        Unsigned 16-bit integer

    ddp.dst.net  Destination Net
        Unsigned 16-bit integer

    ddp.dst.node  Destination Node
        Unsigned 8-bit integer

    ddp.dst.socket  Destination Socket
        Unsigned 8-bit integer

    ddp.hopcount  Hop count
        Unsigned 8-bit integer

    ddp.len  Datagram length
        Unsigned 16-bit integer

    ddp.src.net  Source Net
        Unsigned 16-bit integer

    ddp.src.node  Source Node
        Unsigned 8-bit integer

    ddp.src.socket  Source Socket
        Unsigned 8-bit integer

    ddp.type  Protocol type
        Unsigned 8-bit integer

Domain Name Service (dns)

    dns.count.add_rr  Additional RRs
        Unsigned 16-bit integer

    dns.count.answers  Answer RRs
        Unsigned 16-bit integer

    dns.count.auth_rr  Authority RRs
        Unsigned 16-bit integer

    dns.count.queries  Questions
        Unsigned 16-bit integer

    dns.flags  Flags
        Unsigned 16-bit integer

    dns.id  Transaction ID
        Unsigned 16-bit integer

    dns.query  Query
        Boolean

    dns.response  Response
        Boolean

Dynamic DNS Tools Protocol (ddtp)

    ddtp.encrypt  Encryption
        Unsigned 32-bit integer

    ddtp.hostid  Hostid
        Unsigned 32-bit integer

    ddtp.ipaddr  IP addres
        IPv4 address

    ddtp.msgtype  Message type
        Unsigned 32-bit integer

    ddtp.opcode  Opcode
        Unsigned 32-bit integer

    ddtp.status  Status
        Unsigned 32-bit integer

    ddtp.version  Version
        Unsigned 32-bit integer

Encapsulated Security Payload (esp)

    esp.sequence  Sequence
        Unsigned 32-bit integer

    esp.spi  SPI
        Unsigned 32-bit integer

Enhanced Interior Gateway Routing Protocol (eigrp)

Ethernet (eth)

    eth.addr  Source or Destination Address
        6-byte Hardware (MAC) Address

    eth.dst  Destination
        6-byte Hardware (MAC) Address

    eth.len  Length
        Unsigned 16-bit integer

    eth.src  Source
        6-byte Hardware (MAC) Address

    eth.trailer  Trailer
        Byte array

    eth.type  Type
        Unsigned 16-bit integer

Extended X.25 (modulo 128) (ex25)

    ex25.d  D Bit
        Boolean

    ex25.lcn  Logical Channel
        Unsigned 16-bit integer

    ex25.m  M Bit
        Boolean

    ex25.mod  Modulo
        Unsigned 16-bit integer

    ex25.p_r  P(R)
        Unsigned 8-bit integer

    ex25.p_s  P(S)
        Unsigned 8-bit integer

    ex25.q  Q Bit
        Boolean

    ex25.type  Packet Type
        Unsigned 8-bit integer

Fiber Distributed Data Interface (fddi)

    fddi.addr  Source or Destination Address
        6-byte Hardware (MAC) Address

    fddi.dst  Destination
        6-byte Hardware (MAC) Address

    fddi.fc  Frame Control
        Unsigned 8-bit integer

    fddi.src  Source
        6-byte Hardware (MAC) Address

File Transfer Protocol (ftp)

    ftp.reponse.data  Response data
        String

    ftp.request  Request
        Boolean

    ftp.request.command  Request command
        String

    ftp.request.data  Request data
        String

    ftp.response  Response
        Boolean

    ftp.response.code  Response code
        Unsigned 8-bit integer

Frame (frame)

    frame.cap_len  Capture Frame Length
        Unsigned 32-bit integer

    frame.number  Frame Number
        Unsigned 32-bit integer

    frame.pkt_len  Total Frame Length
        Unsigned 32-bit integer

    frame.time  Arrival Time
        Date/Time stamp

    frame.time_delta  Time delta from previous packet
        Time duration

General Inter-ORB Protocol (giop)

    giop.len  Message size
        Unsigned 32-bit integer

    giop.type  Message type
        Unsigned 8-bit integer

Generic Routing Encapsulation (gre)

    gre.proto  Protocol Type
        Unsigned 16-bit integer

Hypertext Transfer Protocol (http)

    http.request  Request
        Boolean

    http.response  Response
        Boolean

ICQ Protocol (icq)

    icq.checkcode  Checkcode
        Unsigned 32-bit integer

    icq.cmd  Command
        Unsigned 16-bit integer

    icq.decode  Decode
        String

    icq.sessionid  SessionID
        Unsigned 32-bit integer

    icq.type  Type
        Unsigned 16-bit integer

    icq.uin  UIN
        Unsigned 32-bit integer

ILMI (ilmi)

IP Payload Compression (ipcomp)

    ipcomp.cpi  CPI
        Unsigned 16-bit integer

    ipcomp.flags  Flags
        Unsigned 8-bit integer

IPX Message (ipxmsg)

    ipxmsg.conn  Connection Number
        Unsigned 8-bit integer

    ipxmsg.sigchar  Signature Char
        Unsigned 8-bit integer

IPX Routing Information Protocol (ipxrip)

    ipxrip.request  Request
        Boolean

    ipxrip.response  Response
        Boolean

ISIS HELLO (isis_hello)

    isis_hello.circuite_type  Circuit type              
        Unsigned 8-bit integer

    isis_hello.clv_ipv4_int_addr  IPv4 interface address    
        IPv4 address

    isis_hello.holding_timer  Holding timer             
        Unsigned 16-bit integer

    isis_hello.lan_id  SystemID{ Designated IS } 
        String

    isis_hello.local_circuit_id  Local circuit ID          
        Unsigned 8-bit integer

    isis_hello.pdu_length  PDU length                
        Unsigned 16-bit integer

    isis_hello.priority  Priority                 
        Unsigned 8-bit integer

    isis_hello.source_id  SystemID{ Sender of PDU } 
        6-byte Hardware (MAC) Address

ISO 10598 ISIS Complete Sequence Numbers Protocol Data Unit (isis_csnp)

    isis_csnp.pdu_length  PDU length
        Unsigned 16-bit integer

ISO 10598 ISIS InTRA Domain Routeing Information Exchange Protocol (isis)

    isis.irpd  Intra Domain Routing Protocol Discriminator
        Unsigned 8-bit integer

    isis.len  PDU Header Length  
        Unsigned 8-bit integer

    isis.max_area_adr  Max.AREAs: (0==3)  
        Unsigned 8-bit integer

    isis.reserved  Reserved (==0)     
        Unsigned 8-bit integer

    isis.sysid_len  System ID Length   
        Unsigned 8-bit integer

    isis.type  PDU Type          :
        Unsigned 8-bit integer

    isis.version  Version (==1)      
        Unsigned 8-bit integer

    isis.version2  Version2 (==1)     
        Unsigned 8-bit integer

ISO 10598 ISIS Link State Protocol Data Unit (isis_lsp)

    isis_lsp.checksum  Checksum
        Unsigned 16-bit integer

    isis_lsp.clv_ipv4_int_addr  IPv4 interface address: 
        IPv4 address

    isis_lsp.pdu_length  PDU length
        Unsigned 16-bit integer

    isis_lsp.remaining_life  Remaining life
        Unsigned 16-bit integer

    isis_lsp.sequence_number  Sequence number
        Unsigned 32-bit integer

ISO 10598 ISIS Partial Sequence Numbers Protocol Data Unit (isis_psnp)

    isis_psnp.pdu_length  PDU length
        Unsigned 16-bit integer

ISO 8073 COTP Connection-Oriented Transport Protocol (cotp)

ISO 8473 CLNP ConnectionLess Network Protocol (clnp)

    clnp.checksum  Checksum     
        Unsigned 16-bit integer

    clnp.dsap   DA 
        Byte array

    clnp.dsap.len  DAL 
        Unsigned 8-bit integer

    clnp.len  HDR Length   
        Unsigned 8-bit integer

    clnp.nlpi  Network Layer Protocol Identifier
        Unsigned 8-bit integer

    clnp.pdu.len  PDU length   
        Unsigned 16-bit integer

    clnp.ssap   SA 
        Byte array

    clnp.ssap.len  SAL 
        Unsigned 8-bit integer

    clnp.ttl  Holding Time 
        Unsigned 8-bit integer

    clnp.type  PDU Type     
        Unsigned 8-bit integer

    clnp.version  Version      
        Unsigned 8-bit integer

ISO 9542 ESIS Routeing Information Exchange Protocol (esis)

    esis.chksum  Checksum      
        Unsigned 16-bit integer

    esis.htime  Holding Time  
        Unsigned 16-bit integer

    esis.length  PDU Length    
        Unsigned 8-bit integer

    esis.nlpi  Network Layer Protocol Identifier
        Unsigned 8-bit integer

    esis.res  Reserved(==0) 
        Unsigned 8-bit integer

    esis.type  PDU Type      
        Unsigned 8-bit integer

    esis.ver  Version (==1) 
        Unsigned 8-bit integer

Internet Cache Protocol (icp)

    icp.length  Length
        Unsigned 16-bit integer

    icp.nr  Request Number
        Unsigned 32-bit integer

    icp.opcode  Opcode
        Unsigned 8-bit integer

    icp.version  Version
        Unsigned 8-bit integer

Internet Control Message Protocol (icmp)

    icmp.checksum  Checksum
        Unsigned 16-bit integer

    icmp.code  Code
        Unsigned 8-bit integer

    icmp.type  Type
        Unsigned 8-bit integer

Internet Control Message Protocol v6 (icmpv6)

    icmpv6.checksum  Checksum
        Unsigned 16-bit integer

    icmpv6.code  Code
        Unsigned 8-bit integer

    icmpv6.type  Type
        Unsigned 8-bit integer

Internet Group Management Protocol (igmp)

    igmp.checksum  Checksum
        Unsigned 16-bit integer

    igmp.group  Group address
        IPv4 address

    igmp.type  Type
        Unsigned 8-bit integer

    igmp.unused  Unused
        Unsigned 8-bit integer

    igmp.version  Version
        Unsigned 8-bit integer

Internet Message Access Protocol (imap)

    imap.request  Request
        Boolean

    imap.response  Response
        Boolean

Internet Printing Protocol (ipp)

Internet Protocol (ip)

    ip.addr  Source or Destination Address
        IPv4 address

    ip.checksum  Header checksum
        Unsigned 16-bit integer

    ip.dsfield  Differentiated Services field
        Unsigned 8-bit integer

    ip.dsfield.cu  Currently Unused
        Unsigned 8-bit integer

    ip.dsfield.dscp  Differentiated Services Codepoint
        Unsigned 8-bit integer

    ip.dst  Destination
        IPv4 address

    ip.flags  Flags
        Unsigned 8-bit integer

    ip.flags.df  Don't fragment
        Boolean

    ip.flags.mf  More fragments
        Boolean

    ip.frag_offset  Fragment offset
        Unsigned 16-bit integer

    ip.hdr_len  Header Length
        Unsigned 8-bit integer

    ip.id  Identification
        Unsigned 16-bit integer

    ip.len  Total Length
        Unsigned 16-bit integer

    ip.proto  Protocol
        Unsigned 8-bit integer

    ip.src  Source
        IPv4 address

    ip.tos  Type of Service
        Unsigned 8-bit integer

    ip.tos.cost  Cost
        Boolean

    ip.tos.delay  Delay
        Boolean

    ip.tos.precedence  Precedence
        Unsigned 8-bit integer

    ip.tos.reliability  Reliability
        Boolean

    ip.tos.throughput  Throughput
        Boolean

    ip.ttl  Time to live
        Unsigned 8-bit integer

    ip.version  Version
        Unsigned 8-bit integer

Internet Protocol Version 6 (ipv6)

    ipv6.class  Traffic class
        Unsigned 8-bit integer

    ipv6.dst  Destination
        IPv6 address

    ipv6.flow  Flowlabel
        Unsigned 32-bit integer

    ipv6.hlim  Hop limit
        Unsigned 8-bit integer

    ipv6.nxt  Next header
        Unsigned 8-bit integer

    ipv6.plen  Payload length
        Unsigned 16-bit integer

    ipv6.src  Source
        IPv6 address

    ipv6.version  Version
        Unsigned 8-bit integer

Internet Relay Chat (irc)

    irc.command  Command
        String

    irc.request  Request
        Boolean

    irc.response  Response
        Boolean

Internet Security Association and Key Management Protocol (isakmp)

Internetwork Packet eXchange (ipx)

    ipx.checksum  Checksum
        Unsigned 16-bit integer

    ipx.dst.net  Destination Network
        IPX network or server name

    ipx.dst.node  Destination Node
        6-byte Hardware (MAC) Address

    ipx.dst.socket  Destination Socket
        Unsigned 16-bit integer

    ipx.hops  Transport Control (Hops)
        Unsigned 8-bit integer

    ipx.len  Length
        Unsigned 16-bit integer

    ipx.packet_type  Packet Type
        Unsigned 8-bit integer

    ipx.src.net  Source Network
        IPX network or server name

    ipx.src.node  Source Node
        6-byte Hardware (MAC) Address

    ipx.src.socket  Source Socket
        Unsigned 16-bit integer

L2TP Protocol (l2tp)

    l2tp.Nr  Nr
        Unsigned 16-bit integer

    l2tp.Ns  Ns
        Unsigned 16-bit integer

    l2tp.length  Length
        Unsigned 16-bit integer

    l2tp.offset  Offset
        Unsigned 16-bit integer

    l2tp.session  Session ID
        Unsigned 16-bit integer

    l2tp.tunnel  Tunnel ID
        Unsigned 16-bit integer

    lt2p.code  code
        Unsigned 16-bit integer

    lt2p.length_bit  Length Bit
        Boolean

    lt2p.offset_bit  Offset bit
        Boolean

    lt2p.priority  Priority
        Boolean

    lt2p.seq_bit  Sequence Bit
        Boolean

    lt2p.type  Type
        Unsigned 16-bit integer

    lt2p.version  Version
        Unsigned 16-bit integer

Lightweight Directory Access Protocol (ldap)

    ldap.abandon.msgid  Abandon Msg Id
        Unsigned 32-bit integer

    ldap.attribute  Attribute
        String

    ldap.bind.auth_type  Auth Type
        Unsigned 8-bit integer

    ldap.bind.dn  DN
        String

    ldap.bind.password  Password
        String

    ldap.bind.version  Version
        Unsigned 32-bit integer

    ldap.compare.test  Test
        String

    ldap.dn  Distinguished Name
        String

    ldap.length  Length
        Unsigned 32-bit integer

    ldap.message_id  Message Id
        Unsigned 32-bit integer

    ldap.message_length  Message Length
        Unsigned 32-bit integer

    ldap.message_type  Message Type
        Unsigned 8-bit integer

    ldap.modify.add  Add
        String

    ldap.modify.delete  Delete
        String

    ldap.modify.replace  Replace
        String

    ldap.modrdn.delete  Delete Values
        Boolean

    ldap.modrdn.name  New Name
        String

    ldap.modrdn.superior  New Location
        String

    ldap.result.code  Result Code
        Unsigned 8-bit integer

    ldap.result.errormsg  Error Message
        String

    ldap.result.matcheddn  Matched DN
        String

    ldap.result.referral  Referral
        String

    ldap.search.basedn  Base DN
        String

    ldap.search.dereference  Dereference
        Unsigned 8-bit integer

    ldap.search.filter  Filter
        String

    ldap.search.scope  Scope
        Unsigned 8-bit integer

    ldap.search.sizelimit  Size Limit
        Unsigned 32-bit integer

    ldap.search.timelimit  Time Limit
        Unsigned 32-bit integer

    ldap.search.typesonly  Attributes Only
        Boolean

    ldap.value  Value
        String

Line Printer Daemon Protocol (lpd)

    lpd.request  Request
        Boolean

    lpd.response  Response
        Boolean

Link Access Procedure Balanced (LAPB) (lapb)

    lapb.address  Address Field
        Unsigned 8-bit integer

    lapb.control  Control Field
        Unsigned 8-bit integer

Link Access Procedure, Channel D (LAPD) (lapd)

    lapd.address  Address Field
        Unsigned 16-bit integer

    lapd.control  Control Field
        Unsigned 16-bit integer

    lapd.cr  C/R
        Unsigned 16-bit integer

    lapd.ea1  EA1
        Unsigned 16-bit integer

    lapd.ea2  EA2
        Unsigned 16-bit integer

    lapd.sapi  SAPI
        Unsigned 16-bit integer

    lapd.tei  TEI
        Unsigned 16-bit integer

Logical-Link Control (llc)

    llc.control  Control
        Unsigned 16-bit integer

    llc.dsap  DSAP
        Unsigned 8-bit integer

    llc.dsap.ig  IG Bit
        Boolean

    llc.oui  Organization Code
        Unsigned 24-bit integer

    llc.pid  Protocol ID
        Unsigned 16-bit integer

    llc.ssap  SSAP
        Unsigned 8-bit integer

    llc.ssap.cr  CR Bit
        Boolean

    llc.type  Type
        Unsigned 16-bit integer

Lucent/Ascend debug output (ascend)

    ascend.chunk  WDD Chunk
        Unsigned 32-bit integer

    ascend.number  Called number
        String

    ascend.sess  Session ID
        Unsigned 32-bit integer

    ascend.task  Task
        Unsigned 32-bit integer

    ascend.type  Link type
        Unsigned 32-bit integer

    ascend.user  User name
        String

MAPI (mapi)

    mapi.request  Request
        Boolean

    mapi.response  Response
        Boolean

MSProxy Protocol (msproxy)

    msproxy.bindaddr  Destination
        IPv4 address

    msproxy.bindid  Bound Port Id
        Unsigned 32-bit integer

    msproxy.bindport  Bind Port
        Unsigned 16-bit integer

    msproxy.boundport  Bound Port
        Unsigned 16-bit integer

    msproxy.clntport  Client Port
        Unsigned 16-bit integer

    msproxy.command  Command
        Unsigned 16-bit integer

    msproxy.dstaddr  Destination Address
        IPv4 address

    msproxy.dstport  Destination Port
        Unsigned 16-bit integer

    msproxy.resolvaddr  Address
        IPv4 address

    msproxy.server_ext_addr  Server External Address
        IPv4 address

    msproxy.server_ext_port  Server External Port
        Unsigned 16-bit integer

    msproxy.server_int_addr  Server Internal Address
        IPv4 address

    msproxy.server_int_port  Server Internal Port
        Unsigned 16-bit integer

    msproxy.serveraddr  Server Address
        IPv4 address

    msproxy.serverport  Server Port
        Unsigned 16-bit integer

    msproxy.srcport  Source Port
        Unsigned 16-bit integer

Malformed Frame (malformed)

Microsoft Windows Browser Protocol (browser)

Microsoft Windows Lanman Protocol (lanman)

Microsoft Windows Logon Protocol (netlogon)

Mobile IP (mip)

    mip.b  Broadcast Datagrams
        Boolean

    mip.coa  Care of Address
        IPv4 address

    mip.code  Reply Code
        Unsigned 8-bit integer

    mip.d  Co-lcated Care-of Address
        Boolean

    mip.g  GRE
        Boolean

    mip.haaddr  Home Agent
        IPv4 address

    mip.homeaddr  Home Address
        IPv4 address

    mip.ident  Identification
        Byte array

    mip.life  Lifetime
        Signed 16-bit integer

    mip.m  Minimal Encapsulation
        Boolean

    mip.s  Simultaneous Bindings
        Boolean

    mip.type  Message Type
        Signed 8-bit integer

    mip.v  Van Jacobson
        Boolean

Mount Service (mount)

    mount.dump.directory  Directory
        String

    mount.dump.entry  Mount List Entry
        No value

    mount.dump.hostname  Hostname
        String

    mount.export.directory  Directory
        String

    mount.export.entry  Export List Entry
        No value

    mount.export.group  Group
        String

    mount.export.groups  Groups
        No value

    mount.flavor  Flavor
        Unsigned 32-bit integer

    mount.flavors  Flavors
        Unsigned 32-bit integer

    mount.path  Path
        String

    mount.pathconf.link_max  Maximum number of links to a file
        Unsigned 32-bit integer

    mount.pathconf.mask  Reply error/status bits
        Unsigned 16-bit integer

    mount.pathconf.mask.chown_restricted  CHOWN_RESTRICTED
        Boolean

    mount.pathconf.mask.error_all  ERROR_ALL
        Boolean

    mount.pathconf.mask.error_link_max  ERROR_LINK_MAX
        Boolean

    mount.pathconf.mask.error_max_canon  ERROR_MAX_CANON
        Boolean

    mount.pathconf.mask.error_max_input  ERROR_MAX_INPUT
        Boolean

    mount.pathconf.mask.error_name_max  ERROR_NAME_MAX
        Boolean

    mount.pathconf.mask.error_path_max  ERROR_PATH_MAX
        Boolean

    mount.pathconf.mask.error_pipe_buf  ERROR_PIPE_BUF
        Boolean

    mount.pathconf.mask.error_vdisable  ERROR_VDISABLE
        Boolean

    mount.pathconf.mask.no_trunc  NO_TRUNC
        Boolean

    mount.pathconf.max_canon  Maximum terminal input line length
        Unsigned 16-bit integer

    mount.pathconf.max_input  Terminal input buffer size
        Unsigned 16-bit integer

    mount.pathconf.name_max  Maximum file name length
        Unsigned 16-bit integer

    mount.pathconf.path_max  Maximum path name length
        Unsigned 16-bit integer

    mount.pathconf.pipe_buf  Pipe buffer size
        Unsigned 16-bit integer

    mount.pathconf.vdisable_char  VDISABLE character
        Unsigned 8-bit integer

    mount.status  Status
        Unsigned 32-bit integer

MultiProtocol Label Switching Header (mpls)

    mpls.bottom  MPLS Bottom Of Label Stack
        Unsigned 8-bit integer

    mpls.exp  MPLS Experimental Bits
        Unsigned 8-bit integer

    mpls.label  MPLS Label
        Unsigned 32-bit integer

    mpls.ttl  MPLS TTL
        Unsigned 8-bit integer

Name Binding Protocol (nbp)

    nbp.count  Count
        Unsigned 8-bit integer

    nbp.enum  Enumerator
        Unsigned 8-bit integer

    nbp.info  Info
        Unsigned 8-bit integer

    nbp.net  Network
        Unsigned 16-bit integer

    nbp.node  Node
        Unsigned 8-bit integer

    nbp.object  Object
        String

    nbp.op  Operation
        Unsigned 8-bit integer

    nbp.port  Port
        Unsigned 8-bit integer

    nbp.tid  Transaction ID
        Unsigned 8-bit integer

    nbp.type  Type
        String

    nbp.zone  Zone
        String

NetBIOS (netbios)

NetBIOS Datagram Service (nbdgm)

    nbdgm.dgram_id  Datagram ID
        Unsigned 16-bit integer

    nbdgm.first  First fragment
        Boolean

    nbdgm.next  Fragmented
        Boolean

    nbdgm.node_type  Node Type
        Unsigned 8-bit integer

    nbdgm.src.ip  Source IP
        IPv4 address

    nbdgm.src.port  Source Port
        Unsigned 16-bit integer

    nbdgm.type  Message Type
        Unsigned 8-bit integer

NetBIOS Name Service (nbns)

    nbns.count.add_rr  Additional RRs
        Unsigned 16-bit integer

    nbns.count.answers  Answer RRs
        Unsigned 16-bit integer

    nbns.count.auth_rr  Authority RRs
        Unsigned 16-bit integer

    nbns.count.queries  Questions
        Unsigned 16-bit integer

    nbns.id  Transaction ID
        Unsigned 16-bit integer

    nbns.query  Query
        Boolean

    nbns.response  Response
        Boolean

NetBIOS Session Service (nbss)

    nbss.flags  Flags
        Unsigned 8-bit integer

    nbss.type  Message Type
        Unsigned 8-bit integer

NetBIOS over IPX (nbipx)

NetWare Core Protocol (ncp)

    ncp.connection  Connection Number
        Unsigned 16-bit integer

    ncp.ip.signature  NCP over IP signature
        Unsigned 32-bit integer

    ncp.ip.version  Version
        Unsigned 32-bit integer

    ncp.seq  Sequence Number
        Unsigned 8-bit integer

    ncp.task  Task Number
        Unsigned 8-bit integer

    ncp.type  Type
        Unsigned 16-bit integer

Network File System (nfs)

    nfs.createmode  Create Mode
        Unsigned 32-bit integer

    nfs.data  Data
        String

    nfs.fsinfo.dtpref  dtpref
        Unsigned 32-bit integer

    nfs.fsinfo.propeties  Properties
        Unsigned 32-bit integer

    nfs.fsinfo.rtmax  rtmax
        Unsigned 32-bit integer

    nfs.fsinfo.rtmult  rtmult
        Unsigned 32-bit integer

    nfs.fsinfo.rtpref  rtpref
        Unsigned 32-bit integer

    nfs.fsinfo.wtmax  wtmax
        Unsigned 32-bit integer

    nfs.fsinfo.wtmult  wtmult
        Unsigned 32-bit integer

    nfs.fsinfo.wtpref  wtpref
        Unsigned 32-bit integer

    nfs.fsstat.invarsec  invarsec
        Unsigned 32-bit integer

    nfs.name  Name
        String

    nfs.pathconf.case_insensitive  case_insensitive
        Boolean

    nfs.pathconf.case_preserving  case_preserving
        Boolean

    nfs.pathconf.chown_restricted  chown_restricted
        Boolean

    nfs.pathconf.linkmax  linkmax
        Unsigned 32-bit integer

    nfs.pathconf.name_max  name_max
        Unsigned 32-bit integer

    nfs.pathconf.no_trunc  no_trunc
        Boolean

    nfs.read.count  Count
        Unsigned 32-bit integer

    nfs.read.eof  EOF
        Boolean

    nfs.read.offset  Offset
        Unsigned 32-bit integer

    nfs.read.totalcount  Total Count
        Unsigned 32-bit integer

    nfs.readdir.cookie  Cookie
        Unsigned 32-bit integer

    nfs.readdir.count  Count
        Unsigned 32-bit integer

    nfs.readdir.entry  Entry
        No value

    nfs.readdir.entry.cookie  Cookie
        Unsigned 32-bit integer

    nfs.readdir.entry.fileid  File ID
        Unsigned 32-bit integer

    nfs.readdir.entry.name  Name
        String

    nfs.readdir.eof  EOF
        Unsigned 32-bit integer

    nfs.readdir.value_follows  Value Follows
        Boolean

    nfs.readdirplus.entry.name  Name
        String

    nfs.readlink.data  Data
        String

    nfs.statfs.bavail  Available Blocks
        Unsigned 32-bit integer

    nfs.statfs.bfree  Free Blocks
        Unsigned 32-bit integer

    nfs.statfs.blocks  Total Blocks
        Unsigned 32-bit integer

    nfs.statfs.bsize  Block Size
        Unsigned 32-bit integer

    nfs.statfs.tsize  Transfer Size
        Unsigned 32-bit integer

    nfs.status  Status
        Unsigned 32-bit integer

    nfs.status2  Status
        Unsigned 32-bit integer

    nfs.symlink.to  To
        String

    nfs.type  Type
        Unsigned 32-bit integer

    nfs.write.beginoffset  Begin Offset
        Unsigned 32-bit integer

    nfs.write.committed  Committed
        Unsigned 32-bit integer

    nfs.write.offset  Offset
        Unsigned 32-bit integer

    nfs.write.stable  Stable
        Unsigned 32-bit integer

    nfs.write.totalcount  Total Count
        Unsigned 32-bit integer

Network Lock Manager Protocol (nlm)

Network News Transfer Protocol (nntp)

    nntp.request  Request
        Boolean

    nntp.response  Response
        Boolean

Network Time Protocol (ntp)

    ntp.flags  Flags
        Byte array

    ntp.flags.li  Leap Indicator
        Unsigned 8-bit integer

    ntp.flags.mode  Leap Indicator
        Unsigned 8-bit integer

    ntp.flags.vn  Version number
        Unsigned 8-bit integer

    ntp.keyid  Key ID
        Byte array

    ntp.mac  Message Authentication Code
        Byte array

    ntp.org  Originate Time Stamp
        Byte array

    ntp.ppoll  Peer Polling Interval
        Byte array

    ntp.precision  Peer Clock Precision
        Byte array

    ntp.rec  Receive Time Stamp
        Byte array

    ntp.refid  Reference Clock ID
        Byte array

    ntp.reftime  Reference Clock Update Time
        Byte array

    ntp.rootdelay  Root Delay
        Byte array

    ntp.rootdispersion  Clock Dispersion
        Byte array

    ntp.stratum  Peer Clock Stratum
        Byte array

    ntp.xmt  Transmit Time Stamp
        Byte array

Null/Loopback (null)

    null.family  Family
        Unsigned 32-bit integer

    null.type  Type
        Unsigned 16-bit integer

Open Shortest Path First (ospf)

PPP Multilink Protocol (mp)

    mp.first  First fragment
        Boolean

    mp.last  Last fragment
        Boolean

    mp.seq  Sequence number
        Unsigned 24-bit integer

Point-to-Point Protocol (ppp)

Portmap (portmap)

    portmap.answer  Answer
        Boolean

    portmap.port  Port
        Unsigned 32-bit integer

    portmap.proc  Procedure
        Unsigned 32-bit integer

    portmap.prog  Program
        Unsigned 32-bit integer

    portmap.proto  Protocol
        Unsigned 32-bit integer

    portmap.rpcb  RPCB
        No value

    portmap.rpcb.addr  Universal Address
        String

    portmap.rpcb.netid  Network Id
        String

    portmap.rpcb.owner  Owner of this Service
        String

    portmap.rpcb.prog  Program
        Unsigned 32-bit integer

    portmap.rpcb.version  Version
        Unsigned 32-bit integer

    portmap.uaddr  Universal Address
        String

    portmap.value_follows  Value Follows
        Boolean

    portmap.version  Version
        Unsigned 32-bit integer

Post Office Protocol (pop)

    pop.request  Request
        Boolean

    pop.response  Response
        Boolean

Protocol Independent Multicast (pim)

    pim.cksum  Checksum
        Unsigned 16-bit integer

    pim.type  Type
        Unsigned 8-bit integer

    pim.version  Version
        Unsigned 8-bit integer

Q.2931 (q2931)

    q2931.call_ref  Call reference value
        Byte array

    q2931.call_ref_len  Call reference value length
        Unsigned 8-bit integer

    q2931.disc  Protocol discriminator
        Unsigned 8-bit integer

    q2931.message_action_indicator  Action indicator
        Unsigned 8-bit integer

    q2931.message_flag  Flag
        Boolean

    q2931.message_len  Message length
        Unsigned 16-bit integer

    q2931.message_type  Message type
        Unsigned 8-bit integer

    q2931.message_type_ext  Message type extension
        Unsigned 8-bit integer

Q.931 (q931)

    q931.call_ref  Call reference value
        Byte array

    q931.call_ref_len  Call reference value length
        Unsigned 8-bit integer

    q931.disc  Protocol discriminator
        Unsigned 8-bit integer

    q931.message_type  Message type
        Unsigned 8-bit integer

RIPng (ripng)

    ripng.cmd  Command
        Unsigned 8-bit integer

    ripng.version  Version
        Unsigned 8-bit integer

RTP Control Protocol (rtcp)

RX Protocol (rx)

    rx.callnumber  Call Number
        Unsigned 32-bit integer

    rx.cid  CID
        Unsigned 32-bit integer

    rx.epoch  Epoch
        Unsigned 32-bit integer

    rx.flags  Flags
        Unsigned 8-bit integer

    rx.flags.client_init  Client Initiated
        Unsigned 8-bit integer

    rx.flags.free_packet  Free Packet
        Unsigned 8-bit integer

    rx.flags.last_packet  Last Packet
        Unsigned 8-bit integer

    rx.flags.more_packets  More Packets
        Unsigned 8-bit integer

    rx.flags.request_ack  Request Ack
        Unsigned 8-bit integer

    rx.securityindex  Security Index
        Unsigned 32-bit integer

    rx.seq  Sequence Number
        Unsigned 32-bit integer

    rx.serial  Serial
        Unsigned 32-bit integer

    rx.serviceid  Service ID
        Unsigned 16-bit integer

    rx.spare  Spare/Checksum
        Unsigned 16-bit integer

    rx.type  Type
        Unsigned 8-bit integer

    rx.userstatus  User Status
        Unsigned 32-bit integer

Radius Protocol (radius)

    radius.code  Code
        Unsigned 8-bit integer

    radius.id  Identifier
        Unsigned 8-bit integer

    radius.length  Length
        Unsigned 16-bit integer

Real Time Streaming Protocol (rtsp)

    rtsp.method  Method
        String

    rtsp.status  Status
        Unsigned 32-bit integer

    rtsp.url  URL
        String

Realtime Transport Protocol (rtp)

Remote Procedure Call (rpc)

    rpc.auth.flavor  Flavor
        Unsigned 32-bit integer

    rpc.auth.gid  GID
        Unsigned 32-bit integer

    rpc.auth.length  Length
        Unsigned 32-bit integer

    rpc.auth.machinename  Machine Name
        String

    rpc.auth.stamp  Stamp
        Unsigned 32-bit integer

    rpc.auth.uid  UID
        Unsigned 32-bit integer

    rpc.call.dup  Duplicate Call
        Unsigned 32-bit integer

    rpc.dup  Duplicate Transaction
        Unsigned 32-bit integer

    rpc.fraglen  Fragment Length
        Unsigned 32-bit integer

    rpc.lastfrag  Last Fragment
        Boolean

    rpc.msgtyp  Message Type
        Unsigned 32-bit integer

    rpc.procedure  Procedure
        Unsigned 32-bit integer

    rpc.program  Program
        Unsigned 32-bit integer

    rpc.programversion  Program Version
        Unsigned 32-bit integer

    rpc.programversion.max  Program Version (Maximum)
        Unsigned 32-bit integer

    rpc.programversion.min  Program Version (Minimum)
        Unsigned 32-bit integer

    rpc.reply.dup  Duplicate Reply
        Unsigned 32-bit integer

    rpc.replystat  Reply State
        Unsigned 32-bit integer

    rpc.state_accept  Accept State
        Unsigned 32-bit integer

    rpc.state_auth  Auth State
        Unsigned 32-bit integer

    rpc.state_reject  Reject State
        Unsigned 32-bit integer

    rpc.value_follows  Value Follows
        Boolean

    rpc.version  RPC Version
        Unsigned 32-bit integer

    rpc.version.max  RPC Version (Maximum)
        Unsigned 32-bit integer

    rpc.version.min  RPC Version (Minimum)
        Unsigned 32-bit integer

    rpc.xid  XID
        Unsigned 32-bit integer

Resource ReserVation Protocol (RSVP) (rsvp)

    rsvp.adspec  ADSPEC
        Unsigned 8-bit integer

    rsvp.confirm  CONFIRM
        Unsigned 8-bit integer

    rsvp.error  ERROR
        Unsigned 8-bit integer

    rsvp.explicit_route  EXPLICIT ROUTE
        Unsigned 8-bit integer

    rsvp.filter  FILTERSPEC
        Unsigned 8-bit integer

    rsvp.flowspec  FLOWSPEC
        Unsigned 8-bit integer

    rsvp.hop  HOP
        Unsigned 8-bit integer

    rsvp.integrity  INTEGRITY
        Unsigned 8-bit integer

    rsvp.label  LABEL
        Unsigned 8-bit integer

    rsvp.label_request  LABEL REQUEST
        Unsigned 8-bit integer

    rsvp.msg  Message Type
        Unsigned 8-bit integer

    rsvp.obj_unknown  Unknown object
        Unsigned 8-bit integer

    rsvp.path  Path Message
        Boolean

    rsvp.perr  Path Error Message
        Boolean

    rsvp.policy  POLICY
        Unsigned 8-bit integer

    rsvp.ptear  Path Tear Message
        Boolean

    rsvp.record_route  RECORD ROUTE
        Unsigned 8-bit integer

    rsvp.rerr  Resv Error Message
        Boolean

    rsvp.resv  Resv Message
        Boolean

    rsvp.resvconf  Resv Confirm Message
        Boolean

    rsvp.rtear  Resv Tear Message
        Boolean

    rsvp.rtearconf  Resv Tear Confirm Message
        Boolean

    rsvp.scope  SCOPE
        Unsigned 8-bit integer

    rsvp.sender  SENDER TEMPLATE
        Unsigned 8-bit integer

    rsvp.sender.ip  Sender IPv4 address
        IPv4 address

    rsvp.sender.lsp_id  Sender LSP ID
        Unsigned 16-bit integer

    rsvp.sender.port  Sender port number
        Unsigned 16-bit integer

    rsvp.session  SESSION
        Unsigned 8-bit integer

    rsvp.session.ext_tunnel_id  Extended tunnel ID
        Unsigned 32-bit integer

    rsvp.session.ip  Destination address
        IPv4 address

    rsvp.session.port  Port number
        Unsigned 16-bit integer

    rsvp.session.proto  Protocol
        Unsigned 8-bit integer

    rsvp.session.tunnel_id  Tunnel ID
        Unsigned 16-bit integer

    rsvp.session_attribute  SESSION ATTRIBUTE
        Unsigned 8-bit integer

    rsvp.style  STYLE
        Unsigned 8-bit integer

    rsvp.time  TIME VALUES
        Unsigned 8-bit integer

    rsvp.tspec  SENDER TSPEC
        Unsigned 8-bit integer

Rlogin Protocol (rlogin)

    rlogin.user_info  User Info
        No value

    rlogin.window_size  Window Info
        No value

    rlogin.window_size.cols  Columns
        Unsigned 16-bit integer

    rlogin.window_size.rows  Rows
        Unsigned 16-bit integer

    rlogin.window_size.x_pixels  X Pixels
        Unsigned 16-bit integer

    rlogin.window_size.y_pixels  Y Pixels
        Unsigned 16-bit integer

Routing Information Protocol (rip)

Routing Table (rtmp)

    nbp.nodeid  Node
        Unsigned 8-bit integer

    nbp.nodeid.length  Node Length
        Unsigned 8-bit integer

    rtmp.net  Net
        Unsigned 16-bit integer

    rtmp.tuple.dist  Distance
        Unsigned 16-bit integer

    rtmp.tuple.net  Net
        Unsigned 16-bit integer

SMB MailSlot Protocol (mailslot)

SNMP Multiplex Protocol (smux)

SSCOP (sscop)

Sequenced Packet eXchange (spx)

    spx.ack  Acknowledgment Number
        Unsigned 16-bit integer

    spx.alloc  Allocation Number
        Unsigned 16-bit integer

    spx.ctl  Connection Control
        Unsigned 8-bit integer

    spx.dst  Destination Connection ID
        Unsigned 16-bit integer

    spx.seq  Sequence Number
        Unsigned 16-bit integer

    spx.src  Source Connection ID
        Unsigned 16-bit integer

    spx.type  Datastream type
        Unsigned 8-bit integer

Server Message Block Protocol (smb)

Service Advertisement Protocol (ipxsap)

    ipxsap.request  Request
        Boolean

    ipxsap.response  Response
        Boolean

Service Location Protocol (srvloc)

    srvloc.err  Error Code
        Unsigned 8-bit integer

    srvloc.flags  Flags
        Unsigned 8-bit integer

    srvloc.function  Function
        Unsigned 8-bit integer

    srvloc.version  Version
        Unsigned 8-bit integer

Session Announcement Protocol (sap)

    sap.auth  Authentication data
        No value

    sap.auth.flags  Authentication data flags
        Unsigned 8-bit integer

    sap.auth.flags.p  Padding Bit
        Boolean

    sap.auth.flags.t  Authentication Type
        Unsigned 8-bit integer

    sap.auth.flags.v  Version Number
        Unsigned 8-bit integer

    sap.flags  Flags
        Unsigned 8-bit integer

    sap.flags.a  Address Type
        Boolean

    sap.flags.c  Compression Bit
        Boolean

    sap.flags.e  Encryption Bit
        Boolean

    sap.flags.r  Reserved
        Boolean

    sap.flags.t  Message Type
        Boolean

    sap.flags.v  Version Number
        Unsigned 8-bit integer

Session Description Protocol (sdp)

Short Frame (short)

Simple Network Management Protocol (snmp)

    snmpv3.flags  SNMPv3 Flags
        Unsigned 8-bit integer

    snmpv3.flags.auth  Authenticated
        Boolean

    snmpv3.flags.crypt  Encrypted
        Boolean

    snmpv3.flags.report  Reportable
        Boolean

Sinec H1 Protocol (h1)

    h1.dbnr  Memory block number
        Unsigned 8-bit integer

    h1.dlen  Length in words
        Signed 16-bit integer

    h1.dwnr  Address within memory block
        Unsigned 16-bit integer

    h1.empty  Empty field
        Unsigned 8-bit integer

    h1.empty_len  Empty field length
        Unsigned 8-bit integer

    h1.header  H1-Header
        Unsigned 16-bit integer

    h1.len  Length indicator
        Unsigned 16-bit integer

    h1.opcode  Opcode
        Unsigned 8-bit integer

    h1.opfield  Operation identifier
        Unsigned 8-bit integer

    h1.oplen  Operation length
        Unsigned 8-bit integer

    h1.org  Memory type
        Unsigned 8-bit integer

    h1.reqlen  Request length
        Unsigned 8-bit integer

    h1.request  Request identifier
        Unsigned 8-bit integer

    h1.reslen  Response length
        Unsigned 8-bit integer

    h1.response  Response identifier
        Unsigned 8-bit integer

    h1.resvalue  Response value
        Unsigned 8-bit integer

Socks Protocol (socks)

    socks.command  Command
        Unsigned 16-bit integer

    socks.dst  Remote Address
        IPv4 address

    socks.dstV6  Remote Address
        IPv6 address

    socks.dstport  Remote Port
        Unsigned 16-bit integer

    socks.username  User Name
        String

    socks.ver  Version
        Unsigned 8-bit integer

Spanning Tree Protocol (stp)

    stp.bridge.hw  Bridge Identifier
        6-byte Hardware (MAC) Address

    stp.flags  BPDU flags
        Unsigned 8-bit integer

    stp.forward  Forward Delay
        Double-precision floating point

    stp.hello  Hello Time
        Double-precision floating point

    stp.max_age  Max Age
        Double-precision floating point

    stp.msg_age  Message Age
        Double-precision floating point

    stp.port  Port identifier
        Unsigned 16-bit integer

    stp.protocol  Protocol Identifier
        Unsigned 16-bit integer

    stp.root.cost  Root Path Cost
        Unsigned 32-bit integer

    stp.root.hw  Root Identifier
        6-byte Hardware (MAC) Address

    stp.type  BPDU type
        Unsigned 8-bit integer

    stp.version  Protocol Version Identifier
        Unsigned 8-bit integer

Status Service (stat)

Systems Network Architecture (sna)

    sna.rh  Request/Response Header
        No value

    sna.rh.0  Request/Response Header Byte 0
        Unsigned 8-bit integer

    sna.rh.1  Request/Response Header Byte 1
        Unsigned 8-bit integer

    sna.rh.2  Request/Response Header Byte 2
        Unsigned 8-bit integer

    sna.rh.bbi  Begin Bracket Indicator
        Boolean

    sna.rh.bci  Begin Chain Indicator
        Boolean

    sna.rh.cdi  Change Direction Indicator
        Boolean

    sna.rh.cebi  Conditional End Bracket Indicator
        Boolean

    sna.rh.csi  Code Selection Indicator
        Boolean

    sna.rh.dr1  Definite Response 1 Indicator
        Boolean

    sna.rh.dr2  Definite Response 2 Indicator
        Boolean

    sna.rh.ebi  End Bracket Indicator
        Boolean

    sna.rh.eci  End Chain Indicator
        Boolean

    sna.rh.edi  Enciphered Data Indicator
        Boolean

    sna.rh.eri  Exception Response Indicator
        Boolean

    sna.rh.fi  Format Indicator
        Boolean

    sna.rh.lcci  Length-Checked Compression Indicator
        Boolean

    sna.rh.pdi  Padded Data Indicator
        Boolean

    sna.rh.pi  Pacing Indicator
        Boolean

    sna.rh.qri  Queued Response Indicator
        Boolean

    sna.rh.rlwi  Request Larger Window Indicator
        Boolean

    sna.rh.rri  Request/Response Indicator
        Unsigned 8-bit integer

    sna.rh.rti  Response Type Indicator
        Boolean

    sna.rh.ru_category  Request/Response Unit Category
        Unsigned 8-bit integer

    sna.rh.sdi  Sense Data Included
        Boolean

    sna.ru  Request/Response Unit
        No value

    sna.th  Transmission Header
        No value

    sna.th.0  Transmission Header Byte 0
        Unsigned 8-bit integer

    sna.th.cmd_fmt  Command Format
        Unsigned 8-bit integer

    sna.th.cmd_sn  Command Sequence Number
        Unsigned 16-bit integer

    sna.th.cmd_type  Command Type
        Unsigned 8-bit integer

    sna.th.daf  Destination Address Field
        Unsigned 16-bit integer

    sna.th.dcf  Data Count Field
        Unsigned 16-bit integer

    sna.th.def  Destination Element Field
        Unsigned 16-bit integer

    sna.th.dsaf  Destination Subarea Address Field
        Unsigned 32-bit integer

    sna.th.efi  Expedited Flow Indicator
        Unsigned 8-bit integer

    sna.th.er_vr_supp_ind  ER and VR Support Indicator
        Unsigned 8-bit integer

    sna.th.ern  Explicit Route Number
        Unsigned 8-bit integer

    sna.th.fid  Format Identifer
        Unsigned 8-bit integer

    sna.th.iern  Initial Explicit Route Number
        Unsigned 8-bit integer

    sna.th.lsid  Local Session Identification
        Unsigned 8-bit integer

    sna.th.mft  MPR FID4 Type
        Boolean

    sna.th.mpf  Mapping Field
        Unsigned 8-bit integer

    sna.th.nlp_cp  NLP Count or Padding
        Unsigned 8-bit integer

    sna.th.nlpoi  NLP Offset Indicator
        Unsigned 8-bit integer

    sna.th.ntwk_prty  Network Priority
        Unsigned 8-bit integer

    sna.th.oaf  Origin Address Field
        Unsigned 16-bit integer

    sna.th.odai  ODAI Assignment Indicator
        Unsigned 8-bit integer

    sna.th.oef  Origin Element Field
        Unsigned 16-bit integer

    sna.th.osaf  Origin Subarea Address Field
        Unsigned 32-bit integer

    sna.th.piubf  PIU Blocking Field
        Unsigned 8-bit integer

    sna.th.sa  Session Address
        Byte array

    sna.th.snai  SNA Indicator
        Boolean

    sna.th.snf  Sequence Number Field
        Unsigned 16-bit integer

    sna.th.tg_nonfifo_ind  Transmission Group Non-FIFO Indicator
        Boolean

    sna.th.tg_snf  Transmission Group Sequence Number Field
        Unsigned 16-bit integer

    sna.th.tg_sweep  Transmission Group Sweep
        Unsigned 8-bit integer

    sna.th.tgsf  Transmission Group Segmenting Field
        Unsigned 8-bit integer

    sna.th.tpf  Transmission Priority Field
        Unsigned 8-bit integer

    sna.th.vr_cwi  Virtual Route Change Window Indicator
        Unsigned 16-bit integer

    sna.th.vr_cwri  Virtual Route Change Window Reply Indicator
        Unsigned 16-bit integer

    sna.th.vr_pac_cnt_ind  Virtual Route Pacing Count Indicator
        Unsigned 8-bit integer

    sna.th.vr_rwi  Virtual Route Reset Window Indicator
        Boolean

    sna.th.vr_snf_send  Virtual Route Send Sequence Number Field
        Unsigned 16-bit integer

    sna.th.vr_sqti  Virtual Route Sequence and Type Indicator
        Unsigned 16-bit integer

    sna.th.vrn  Virtual Route Number
        Unsigned 8-bit integer

    sna.th.vrprq  Virtual Route Pacing Request
        Boolean

    sna.th.vrprs  Virtual Route Pacing Response
        Boolean

TACACS (tacacs)

    tacacs.request  Request
        Boolean

    tacacs.response  Response
        Boolean

    tacacs.version  Tacacs Version
        String

Telnet (telnet)

Time Protocol (time)

    time.time  Time
        Unsigned 32-bit integer

Token-Ring (tr)

    tr.ac  Access Control
        Unsigned 8-bit integer

    tr.addr  Source or Destination Address
        6-byte Hardware (MAC) Address

    tr.broadcast  Broadcast Type
        Unsigned 8-bit integer

    tr.direction  Direction
        Unsigned 8-bit integer

    tr.dst  Destination
        6-byte Hardware (MAC) Address

    tr.fc  Frame Control
        Unsigned 8-bit integer

    tr.frame  Frame
        Boolean

    tr.frame_pcf  Frame PCF
        Unsigned 8-bit integer

    tr.frame_type  Frame Type
        Unsigned 8-bit integer

    tr.max_frame_size  Maximum Frame Size
        Unsigned 8-bit integer

    tr.monitor_cnt  Monitor Count
        Unsigned 8-bit integer

    tr.priority  Priority
        Unsigned 8-bit integer

    tr.priority_reservation  Priority Reservation
        Unsigned 8-bit integer

    tr.rif  Ring-Bridge Pairs
        String

    tr.rif.bridge  RIF Bridge
        Unsigned 8-bit integer

    tr.rif.ring  RIF Ring
        Unsigned 16-bit integer

    tr.rif_bytes  RIF Bytes
        Unsigned 8-bit integer

    tr.sr  Source Routed
        Boolean

    tr.src  Source
        6-byte Hardware (MAC) Address

Token-Ring Media Access Control (trmac)

    trmac.dstclass  Destination Class
        Unsigned 8-bit integer

    trmac.errors.abort  Abort Delimiter Transmitted Errors
        Unsigned 8-bit integer

    trmac.errors.ac  A/C Errors
        Unsigned 8-bit integer

    trmac.errors.burst  Burst Errors
        Unsigned 8-bit integer

    trmac.errors.congestion  Receiver Congestion Errors
        Unsigned 8-bit integer

    trmac.errors.fc  Frame-Copied Errors
        Unsigned 8-bit integer

    trmac.errors.freq  Frequency Errors
        Unsigned 8-bit integer

    trmac.errors.internal  Internal Errors
        Unsigned 8-bit integer

    trmac.errors.iso  Isolating Errors
        Unsigned 16-bit integer

    trmac.errors.line  Line Errors
        Unsigned 8-bit integer

    trmac.errors.lost  Lost Frame Errors
        Unsigned 8-bit integer

    trmac.errors.noniso  Non-Isolating Errors
        Unsigned 16-bit integer

    trmac.errors.token  Token Errors
        Unsigned 8-bit integer

    trmac.length  Total Length
        Unsigned 8-bit integer

    trmac.mvec  Major Vector
        Unsigned 8-bit integer

    trmac.naun  NAUN
        6-byte Hardware (MAC) Address

    trmac.srcclass  Source Class
        Unsigned 8-bit integer

    trmac.svec  Sub-Vector
        Unsigned 8-bit integer

Transmission Control Protocol (tcp)

    tcp.ack  Acknowledgement number
        Unsigned 32-bit integer

    tcp.checksum  Checksum
        Unsigned 16-bit integer

    tcp.dstport  Destination Port
        Unsigned 16-bit integer

    tcp.flags  Flags
        Unsigned 8-bit integer

    tcp.flags.ack  Acknowledgment
        Boolean

    tcp.flags.fin  Fin
        Boolean

    tcp.flags.push  Push
        Boolean

    tcp.flags.reset  Reset
        Boolean

    tcp.flags.syn  Syn
        Boolean

    tcp.flags.urg  Urgent
        Boolean

    tcp.hdr_len  Header Length
        Unsigned 8-bit integer

    tcp.port  Source or Destination Port
        Unsigned 16-bit integer

    tcp.seq  Sequence number
        Unsigned 32-bit integer

    tcp.srcport  Source Port
        Unsigned 16-bit integer

    tcp.urgent_pointer  Urgent pointer
        Unsigned 16-bit integer

    tcp.window_size  Window size
        Unsigned 16-bit integer

Transparent Network Substrate Protocol (tns)

    tns.compat_version  Version (Compatible)
        Unsigned 16-bit integer

    tns.connect  Connect
        Boolean

    tns.data_flag  Data Flag
        Unsigned 16-bit integer

    tns.header_checksum  Header Checksum
        Unsigned 16-bit integer

    tns.length  Packet Length
        Unsigned 32-bit integer

    tns.packet_checksum  Packet Checksum
        Unsigned 16-bit integer

    tns.request  Request
        Boolean

    tns.reserved_byte  Reserved Byte
        Byte array

    tns.response  Response
        Boolean

    tns.service_options  Service Options
        Unsigned 16-bit integer

    tns.sns  Secure Network Services
        Boolean

    tns.type  Packet Type
        Unsigned 8-bit integer

    tns.version  Version
        Unsigned 16-bit integer

Trivial File Transfer Protocol (tftp)

    tftp.error.code  Error code
        Unsigned 16-bit integer

    tftp.type  Type
        Unsigned 16-bit integer

User Datagram Protocol (udp)

    udp.checksum  Checksum
        Unsigned 16-bit integer

    udp.dstport  Destination Port
        Unsigned 16-bit integer

    udp.length  Length
        Unsigned 16-bit integer

    udp.port  Source or Destination Port
        Unsigned 16-bit integer

    udp.srcport  Source Port
        Unsigned 16-bit integer

Virtual Router Redundancy Protocol (vrrp)

    vrrp.type  VRRP packet type
        Unsigned 8-bit integer

    vrrp.typever  VRRP message version and type
        Unsigned 8-bit integer

    vrrp.version  VRRP protocol version
        Unsigned 8-bit integer

Virtual Trunking Protocol (vtp)

    vtp.code  Code
        Unsigned 8-bit integer

    vtp.conf_rev_num  Configuration Revision Number
        Unsigned 32-bit integer

    vtp.followers  Followers
        Unsigned 8-bit integer

    vtp.md  Management Domain
        String

    vtp.md5_digest  MD5 Digest
        Byte array

    vtp.md_len  Management Domain Length
        Unsigned 8-bit integer

    vtp.seq_num  Sequence Number
        Unsigned 8-bit integer

    vtp.start_value  Start Value
        Unsigned 16-bit integer

    vtp.upd_id  Updater Identity
        IPv4 address

    vtp.upd_ts  Update Timestamp
        String

    vtp.version  Version
        Unsigned 8-bit integer

    vtp.vlan_info.802_10_index  802.10 Index
        Unsigned 32-bit integer

    vtp.vlan_info.isl_vlan_id  ISL VLAN ID
        Unsigned 16-bit integer

    vtp.vlan_info.len  VLAN Information Length
        Unsigned 8-bit integer

    vtp.vlan_info.mtu_size  MTU Size
        Unsigned 16-bit integer

    vtp.vlan_info.status.vlan_susp  VLAN suspended
        Boolean

    vtp.vlan_info.tlv_len  Length
        Unsigned 8-bit integer

    vtp.vlan_info.tlv_type  Type
        Unsigned 8-bit integer

    vtp.vlan_info.vlan_name  VLAN Name
        String

    vtp.vlan_info.vlan_name_len  VLAN Name Length
        Unsigned 8-bit integer

    vtp.vlan_info.vlan_type  VLAN Type
        Unsigned 8-bit integer

Web Cache Coordination Protocol (wccp)

    wccp.cache_ip  Web Cache IP address
        IPv4 address

    wccp.change_num  Change Number
        Unsigned 32-bit integer

    wccp.hash_revision  Hash Revision
        Unsigned 32-bit integer

    wccp.message  WCCP Message Type
        Unsigned 32-bit integer

    wccp.recvd_id  Received ID
        Unsigned 32-bit integer

    wccp.version  WCCP Version
        Unsigned 32-bit integer

Who (who)

    who.boottime  Boot Time
        Date/Time stamp

    who.hostname  Hostname
        String

    who.idle  Time Idle
        Unsigned 32-bit integer

    who.loadav_10  Load Average Over Past 10 Minutes
        Double-precision floating point

    who.loadav_15  Load Average Over Past 15 Minutes
        Double-precision floating point

    who.loadav_5  Load Average Over Past  5 Minutes
        Double-precision floating point

    who.recvtime  Receive Time
        Date/Time stamp

    who.sendtime  Send Time
        Date/Time stamp

    who.timeon  Time On
        Date/Time stamp

    who.tty  TTY Name
        String

    who.type  Type
        Unsigned 8-bit integer

    who.uid  User ID
        String

    who.vers  Version
        Unsigned 8-bit integer

    who.whoent  Who utmp Entry
        No value

X.25 (x25)

    x25.d  D Bit
        Boolean

    x25.lcn  Logical Channel
        Unsigned 16-bit integer

    x25.m  M Bit
        Boolean

    x25.mod  Modulo
        Unsigned 16-bit integer

    x25.p_r  P(R)
        Unsigned 8-bit integer

    x25.p_s  P(S)
        Unsigned 8-bit integer

    x25.q  Q Bit
        Boolean

    x25.type  Packet Type
        Unsigned 8-bit integer

Yahoo Messenger Protocol (yhoo)

    yhoo.connection_id  Connection ID
        Unsigned 32-bit integer

    yhoo.content  Content
        String

    yhoo.len  Packet Length
        Unsigned 32-bit integer

    yhoo.magic_id  Magic ID
        Unsigned 32-bit integer

    yhoo.msgtype  Message Type
        Unsigned 32-bit integer

    yhoo.nick1  Real Nick (nick1)
        String

    yhoo.nick2  Active Nick (nick2)
        String

    yhoo.service  Service Type
        Unsigned 32-bit integer

    yhoo.unknown1  Unknown 1
        Unsigned 32-bit integer

    yhoo.version  Version
        String

Yellow Pages Bind (ypbind)

Yellow Pages Service (ypserv)

    ypserv.domain  Domain
        String

    ypserv.key  Key
        String

    ypserv.map  Map Name
        String

    ypserv.servesdomain  Serves Domain
        Boolean

    ypserv.status  Status
        Boolean

    ypserv.value  Value
        String

Yellow Pages Transfer (ypxfr)

FILES

/etc/ethers is consulted to correlate 6-byte hardware addresses to names. If an address is not found in /etc/ethers, the $HOME/.ethereal/ethers file is consulted next. Each line contains one hardware address and name, separated by whitespace. The digits of the hardware address are separated by either a colon (:), a dash (-), or a period (.). The following three lines are valid lines of an ethers file:

  ff:ff:ff:ff:ff:ff          Broadcast
  c0-00-ff-ff-ff-ff          TR_broadcast
  00.00.00.00.00.00          Zero_broadcast

/usr/local/etc/manuf matches the 3-byte vendor portion of a 6-byte hardware address with the manufacturer's name. The format of the file is the same as the /etc/ethers file, except that each address is three bytes instead of six.

/etc/ipxnets and $HOME/.ethereal/ipxnets correlate 4-byte IPX network numbers to names. The format is the same as the /etc/ethers file, except that each address if four bytes instead of six. Additionally, the address can be represented a single hexadecimal number, as is more common in the IPX world, rather than four hex octets. For example, these four lines are valid lines of an ipxnets file.

  C0.A8.2C.00              HR
  c0-a8-1c-00              CEO
  00:00:BE:EF              IT_Server1
  110f                     FileServer3

NOTES

The latest version of Ethereal can be found at http://ethereal.zing.org.

AUTHORS

  Original Author
  -------- ------
  Gerald Combs  <gerald@zing.org>

  Contributors
  ------------
  Gilbert Ramirez          <gram@xiexie.org>
  Hannes R. Boehm          <hannes@boehm.org>
  Mike Hall                <mlh@io.com>
  Bobo Rajec               <bobo@bsp-consulting.sk>
  Laurent Deniel           <deniel@worldnet.fr>
  Don Lafontaine           <lafont02@cn.ca>
  Guy Harris               <guy@alum.mit.edu>
  Simon Wilkinson          <sxw@dcs.ed.ac.uk>
  Joerg Mayer              <jmayer@telemation.de>
  Martin Maciaszek         <fastjack@i-s-o.net>
  Didier Jorand            <Didier.Jorand@alcatel.fr>
  Jun-ichiro itojun Hagino <itojun@iijlab.net>
  Richard Sharpe           <sharpe@ns.aus.com>
  John McDermott           <jjm@jkintl.com> 
  Jeff Jahr                <jjahr@shastanets.com>
  Brad Robel-Forrest       <bradr@watchguard.com>
  Ashok Narayanan          <ashokn@cisco.com>
  Aaron Hillegass          <aaron@classmax.com>
  Jason Lango              <jal@netapp.com>
  Johan Feyaerts           <Johan.Feyaerts@siemens.atea.be>
  Olivier Abad             <oabad@cybercable.fr>
  Thierry Andry            <Thierry.Andry@advalvas.be>
  Jeff Foster              <jjfoste@woodward.com>
  Peter Torvals            <petertv@xoommail.com>
  Christophe Tronche       <ch.tronche@computer.org>
  Nathan Neulinger         <nneul@umr.edu>
  Tomislav Vujec           <tvujec@carnet.hr>
  Kojak                    <kojak@bigwig.net>
  Uwe Girlich              <Uwe.Girlich@philosys.de>
  Warren Young             <tangent@mail.com>
  Heikki Vatiainen         <hessu@cs.tut.fi>
  Greg Hankins             <gregh@twoguys.org>
  Jerry Talkington         <jerryt@netapp.com>
  Dave Chapeskie           <dchapes@ddm.on.ca>
  James Coe                <jammer@cin.net>
  Bert Driehuis            <driehuis@playbeing.org>
  Stuart Stanley           <stuarts@mxmail.net>
  John Thomes              <john@ensemblecom.com>
  Laurent Cazalet          <laurent.cazalet@mailclub.net>
  Thomas Parvais           <thomas.parvais@advalvas.be>
  Gerrit Gehnen            <G.Gehnen@atrie.de>
  Craig Newell             <craign@cheque.uq.edu.au>
  Ed Meaney                <emeaney@altiga.com>
  Dietmar Petras           <DPetras@ELSA.de> 
  Fred Reimer              <fwr@ga.prestige.net>
  Florian Lohoff           <flo@rfc822.org>
  Jochen Friedrich         <jochen+ethereal@scram.de>
  Paul Welchinski          <paul.welchinski@telusplanet.net>
  Doug Nazar               <nazard@dragoninc.on.ca>
  Andreas Sikkema          <andreas.sikkema@philips.com>
  Mark Muhlestein          <mmm@netapp.com>
  Graham Bloice            <graham.bloice@trihedral.com>
  Ralf Schneider           <ralf.schneider@alcatel.se>
  Yaniv Kaul               <ykaul@checkpoint.com>
  Paul Ionescu             <ipaul@romsys.ro>
  Mark Burton              <markb@ordern.com>
  Michael Tuexen           <Michael.Tuexen@icn.siemens.de>
  Stefan Raab              <stefan.raab@nextel.com>

Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his permission to use his version of snprintf.c.

Dan Lasley <dlasley@promus.com> gave permission for his dumpit() hex-dump routine to be used.

Index

NAME
SYNOPSYS
DESCRIPTION
OPTIONS
INTERFACE
MENU ITEMS
WINDOWS
CAPTURE FILTER SYNTAX
DISPLAY FILTER SYNTAX
802.1q Virtual LAN (vlan)
ATM (atm)
ATM LANE (lane)
Address Resolution Protocol (arp)
Andrew File System (AFS) (afs)
Appletalk Address Resolution Protocol (aarp)
Async data over ISDN (V.120) (v120)
Authentication Header (ah)
Boot Parameters (bootparams)
Bootstrap Protocol (bootp)
Border Gateway Protocol (bgp)
Cisco Auto-RP (auto_rp)
Cisco Discovery Protocol (cdp)
Cisco Group Management Protocol (cgmp)
Cisco Hot Standby Router Protocol (hsrp)
Cisco ISL (isl)
Common Open Policy Service (cops)
Data (data)
Datagram Delivery Protocol (ddp)
Domain Name Service (dns)
Dynamic DNS Tools Protocol (ddtp)
Encapsulated Security Payload (esp)
Enhanced Interior Gateway Routing Protocol (eigrp)
Ethernet (eth)
Extended X.25 (modulo 128) (ex25)
Fiber Distributed Data Interface (fddi)
File Transfer Protocol (ftp)
Frame (frame)
General Inter-ORB Protocol (giop)
Generic Routing Encapsulation (gre)
Hypertext Transfer Protocol (http)
ICQ Protocol (icq)
ILMI (ilmi)
IP Payload Compression (ipcomp)
IPX Message (ipxmsg)
IPX Routing Information Protocol (ipxrip)
ISIS HELLO (isis_hello)
ISO 10598 ISIS Complete Sequence Numbers Protocol Data Unit (isis_csnp)
ISO 10598 ISIS InTRA Domain Routeing Information Exchange Protocol (isis)
ISO 10598 ISIS Link State Protocol Data Unit (isis_lsp)
ISO 10598 ISIS Partial Sequence Numbers Protocol Data Unit (isis_psnp)
ISO 8073 COTP Connection-Oriented Transport Protocol (cotp)
ISO 8473 CLNP ConnectionLess Network Protocol (clnp)
ISO 9542 ESIS Routeing Information Exchange Protocol (esis)
Internet Cache Protocol (icp)
Internet Control Message Protocol (icmp)
Internet Control Message Protocol v6 (icmpv6)
Internet Group Management Protocol (igmp)
Internet Message Access Protocol (imap)
Internet Printing Protocol (ipp)
Internet Protocol (ip)
Internet Protocol Version 6 (ipv6)
Internet Relay Chat (irc)
Internet Security Association and Key Management Protocol (isakmp)
Internetwork Packet eXchange (ipx)
L2TP Protocol (l2tp)
Lightweight Directory Access Protocol (ldap)
Line Printer Daemon Protocol (lpd)
Link Access Procedure Balanced (LAPB) (lapb)
Link Access Procedure, Channel D (LAPD) (lapd)
Logical-Link Control (llc)
Lucent/Ascend debug output (ascend)
MAPI (mapi)
MSProxy Protocol (msproxy)
Malformed Frame (malformed)
Microsoft Windows Browser Protocol (browser)
Microsoft Windows Lanman Protocol (lanman)
Microsoft Windows Logon Protocol (netlogon)
Mobile IP (mip)
Mount Service (mount)
MultiProtocol Label Switching Header (mpls)
Name Binding Protocol (nbp)
NetBIOS (netbios)
NetBIOS Datagram Service (nbdgm)
NetBIOS Name Service (nbns)
NetBIOS Session Service (nbss)
NetBIOS over IPX (nbipx)
NetWare Core Protocol (ncp)
Network File System (nfs)
Network Lock Manager Protocol (nlm)
Network News Transfer Protocol (nntp)
Network Time Protocol (ntp)
Null/Loopback (null)
Open Shortest Path First (ospf)
PPP Multilink Protocol (mp)
Point-to-Point Protocol (ppp)
Portmap (portmap)
Post Office Protocol (pop)
Protocol Independent Multicast (pim)
Q.2931 (q2931)
Q.931 (q931)
RIPng (ripng)
RTP Control Protocol (rtcp)
RX Protocol (rx)
Radius Protocol (radius)
Real Time Streaming Protocol (rtsp)
Realtime Transport Protocol (rtp)
Remote Procedure Call (rpc)
Resource ReserVation Protocol (RSVP) (rsvp)
Rlogin Protocol (rlogin)
Routing Information Protocol (rip)
Routing Table (rtmp)
SMB MailSlot Protocol (mailslot)
SNMP Multiplex Protocol (smux)
SSCOP (sscop)
Sequenced Packet eXchange (spx)
Server Message Block Protocol (smb)
Service Advertisement Protocol (ipxsap)
Service Location Protocol (srvloc)
Session Announcement Protocol (sap)
Session Description Protocol (sdp)
Short Frame (short)
Simple Network Management Protocol (snmp)
Sinec H1 Protocol (h1)
Socks Protocol (socks)
Spanning Tree Protocol (stp)
Status Service (stat)
Systems Network Architecture (sna)
TACACS (tacacs)
Telnet (telnet)
Time Protocol (time)
Token-Ring (tr)
Token-Ring Media Access Control (trmac)
Transmission Control Protocol (tcp)
Transparent Network Substrate Protocol (tns)
Trivial File Transfer Protocol (tftp)
User Datagram Protocol (udp)
Virtual Router Redundancy Protocol (vrrp)
Virtual Trunking Protocol (vtp)
Web Cache Coordination Protocol (wccp)
Who (who)
X.25 (x25)
Yahoo Messenger Protocol (yhoo)
Yellow Pages Bind (ypbind)
Yellow Pages Service (ypserv)
Yellow Pages Transfer (ypxfr)
FILES
SEE ALSO
NOTES
AUTHORS

This document was created by man2html, using the manual pages.
Time: 14:01:41 GMT, June 08, 2000