Wireshark Protocol Display Filter Reference

Wireshark Protocol Display Filter Reference

Wireshark's most powerful feature is its vast array of display filters (over 80000 as of version 1.0.3). They let you drill drill down to the exact traffic you want to see and are the basis of many of Wireshark's other features, such as the coloring rules.

This is a reference. If you need help using display filters, please see the wireshark-filter and the User's Guide.

Index

2 3 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

2

2dparityfec: Pro-MPEG Code of Practice #3 release 2 FEC Protocol (0.99.3 to 1.0.3, 14 fields)

2dparityfec.d: Row FEC (D) (0.99.3 to 0.99.5, 0 fields)

2dparityfec.e: RFC2733 Extension (E) (0.99.3 to 0.99.5, 0 fields)

2dparityfec.index: Index (0.99.3 to 0.99.5, 0 fields)

2dparityfec.lr: Length recovery (0.99.3 to 0.99.5, 0 fields)

2dparityfec.mask: Mask (0.99.3 to 0.99.5, 0 fields)

2dparityfec.na: NA (0.99.3 to 0.99.5, 0 fields)

2dparityfec.offset: Offset (0.99.3 to 0.99.5, 0 fields)

2dparityfec.payload: FEC Payload (0.99.3 to 0.99.5, 0 fields)

2dparityfec.ptr: Payload Type recovery (0.99.3 to 0.99.5, 0 fields)

2dparityfec.snbase_ext: SNBase ext (0.99.3 to 0.99.5, 0 fields)

2dparityfec.snbase_low: SNBase low (0.99.3 to 0.99.5, 0 fields)

2dparityfec.tsr: Timestamp recovery (0.99.3 to 0.99.5, 0 fields)

2dparityfec.type: Type (0.99.3 to 0.99.5, 0 fields)

2dparityfec.x: Pro-MPEG Extension (X) (0.99.3 to 0.99.5, 0 fields)

3

3comxns: 3Com XNS Encapsulation (0.99.0 to 1.0.3, 2 fields)

9

9p: Plan 9 9P (0.99.0 to 1.0.3, 38 fields)

A

a11: 3GPP2 A11 (0.99.0 to 1.0.3, 75 fields)

aal1: ATM AAL1 (0.99.0 to 1.0.3, 0 fields)

aal3_4: ATM AAL3/4 (0.99.0 to 1.0.3, 0 fields)

aarp: Appletalk Address Resolution Protocol (0.99.0 to 1.0.3, 13 fields)

aas: WiMax AAS-FEEDBACK/BEAM Messages (0.99.6 to 0.99.8, 29 fields)

acap: Application Configuration Access Protocol (0.99.0 to 1.0.3, 2 fields)

acn: Architecture for Control Networks (0.99.0 to 1.0.3, 109 fields)

acp133: ACP133 Attribute Syntaxes (0.99.0 to 1.0.3, 75 fields)

acse: ISO 8650-1 OSI Association Control Service (0.99.0 to 1.0.3, 94 fields)

actrace: AudioCodes Trunk Trace (0.99.0 to 1.0.3, 15 fields)

adp: Aruba - Aruba Discovery Protocol (0.99.0 to 1.0.3, 5 fields)

afp: Apple Filing Protocol (0.99.0 to 1.0.3, 286 fields)

afs: Andrew File System (AFS) (0.99.0 to 1.0.3, 244 fields)

agentx: AgentX (0.99.0 to 1.0.3, 31 fields)

ah: Authentication Header (0.99.0 to 1.0.3, 4 fields)

aim: AOL Instant Messenger (0.99.0 to 1.0.3, 51 fields)

aim_admin: AIM Administrative (0.99.0 to 1.0.3, 6 fields)

aim_adverts: AIM Advertisements (0.99.0 to 1.0.3, 0 fields)

aim_bos: AIM Privacy Management Service (0.99.0 to 1.0.3, 3 fields)

aim_buddylist: AIM Buddylist Service (0.99.0 to 1.0.3, 1 field)

aim_chat: AIM Chat Service (0.99.0 to 1.0.3, 0 fields)

aim_chatnav: AIM Chat Navigation (0.99.0 to 1.0.3, 0 fields)

aim_dir: AIM Directory Search (0.99.0 to 1.0.3, 0 fields)

aim_email: AIM E-mail (0.99.0 to 1.0.3, 0 fields)

aim_generic: AIM Generic Service (0.99.0 to 1.0.3, 60 fields)

aim_icq: AIM ICQ (0.99.0 to 1.0.3, 6 fields)

aim_invitation: AIM Invitation Service (0.99.0 to 1.0.3, 0 fields)

aim_location: AIM Location (0.99.0 to 1.0.3, 5 fields)

aim_lookup: AIM User Lookup (0.99.0 to 1.0.3, 2 fields)

aim_messaging: AIM Messaging (0.99.0 to 1.0.3, 55 fields)

aim_oft: AIM OFT (0.99.0 to 1.0.3, 0 fields)

aim_popup: AIM Popup (0.99.0 to 1.0.3, 0 fields)

aim_signon: AIM Signon (0.99.0 to 1.0.3, 3 fields)

aim_ssi: AIM Server Side Info (0.99.0 to 1.0.3, 20 fields)

aim_sst: AIM Server Side Themes (0.99.0 to 1.0.3, 12 fields)

aim_stats: AIM Statistics (0.99.0 to 1.0.3, 0 fields)

aim_translate: AIM Translate (0.99.0 to 1.0.3, 0 fields)

airopeek: Airopeek encapsulated IEEE 802.11 (0.99.8 to 1.0.3, 4 fields)

ajp13: Apache JServ Protocol v1.3 (0.99.0 to 1.0.3, 19 fields)

alc: Asynchronous Layered Coding (0.99.0 to 1.0.3, 33 fields)

alcap: AAL type 2 signalling protocol (Q.2630) (0.99.0 to 1.0.3, 151 fields)

amqp: Advanced Message Queueing Protocol (0.99.6 to 1.0.3, 100 fields)

amr: Adaptive Multi-Rate (0.99.0 to 1.0.3, 53 fields)

ams: AMS (0.99.8 to 1.0.3, 65 fields)

ans: Intel ANS probe (0.99.0 to 1.0.3, 5 fields)

ansi_637_tele: ANSI IS-637-A (SMS) Teleservice Layer (0.99.0 to 1.0.3, 14 fields)

ansi_637_trans: ANSI IS-637-A (SMS) Transport Layer (0.99.0 to 1.0.3, 4 fields)

ansi_683: ANSI IS-683-A (OTA (Mobile)) (0.99.0 to 1.0.3, 4 fields)

ansi_801: ANSI IS-801 (Location Services (PLD)) (0.99.0 to 1.0.3, 7 fields)

ansi_a_bsmap: ANSI A-I/F BSMAP (0.99.0 to 1.0.3, 46 fields)

ansi_a_dtap: ANSI A-I/F DTAP (0.99.0 to 1.0.3, 0 fields)

ansi_map: ANSI Mobile Application Part (0.99.0 to 1.0.3, 757 fields)

ansi_tcap: ANSI Transaction Capabilities Application Part (0.99.8 to 1.0.3, 47 fields)

aodv: Ad hoc On-demand Distance Vector Routing Protocol (0.99.0 to 1.0.3, 28 fields)

aoe: ATAoverEthernet (0.99.0 to 1.0.3, 19 fields)

ap1394: Apple IP-over-IEEE 1394 (0.99.0 to 1.0.3, 3 fields)

apap: Printer Access Protocol (0.99.0 to 1.0.3, 8 fields)

arcnet: ARCNET (0.99.0 to 1.0.3, 7 fields)

armagetronad: The Armagetron Advanced OpenGL Tron clone (0.99.0 to 1.0.3, 6 fields)

arp: Address Resolution Protocol (0.99.0 to 1.0.3, 33 fields)

arq: WiMax ARQ Feedback/Discard/Reset Messages (0.99.6 to 0.99.8, 21 fields)

artnet: Art-Net (0.99.0 to 1.0.3, 142 fields)

asap: Aggregate Server Access Protocol (0.99.0 to 1.0.3, 42 fields)

ascend: Lucent/Ascend debug output (0.99.0 to 1.0.3, 6 fields)

asf: Alert Standard Forum (0.99.0 to 1.0.3, 4 fields)

asn1: ASN.1 decoding (0.99.0 to 1.0.3, 0 fields)

asp: AppleTalk Session Protocol (0.99.0 to 1.0.3, 34 fields)

atm: ATM (0.99.0 to 1.0.3, 4 fields)

atp: AppleTalk Transaction Protocol packet (0.99.0 to 1.0.3, 17 fields)

atsvc: Microsoft AT-Scheduler Service (0.99.0 to 1.0.3, 127 fields)

auto_rp: Cisco Auto-RP (0.99.0 to 1.0.3, 9 fields)

ax4000: AX/4000 Test Block (0.99.0 to 1.0.3, 7 fields)

B

bacapp: Building Automation and Control Network APDU (0.99.0 to 1.0.3, 31 fields)

bacnet: Building Automation and Control Network NPDU (0.99.0 to 1.0.3, 30 fields)

bacp: PPP Bandwidth Allocation Control Protocol (0.99.0 to 1.0.3, 0 fields)

bap: PPP Bandwidth Allocation Protocol (0.99.0 to 1.0.3, 0 fields)

basicxid: Logical-Link Control Basic Format XID (0.99.0 to 1.0.3, 6 fields)

bcp: PPP Bridging Control Protocol (0.99.0 to 1.0.3, 6 fields)

bctp: BCTP Q.1990 (0.99.6 to 1.0.3, 4 fields)

beep: Blocks Extensible Exchange Protocol (0.99.0 to 1.0.3, 19 fields)

ber: Basic Encoding Rules (ASN.1 X.690) (0.99.0 to 1.0.3, 35 fields)

bfd: Bidirectional Forwarding Detection Control Message (0.99.8 to 1.0.3, 23 fields)

bfdcontrol: Bi-directional Fault Detection Control Message (0.99.0 to 0.99.8, 16 fields)

bgp: Border Gateway Protocol (0.99.0 to 1.0.3, 28 fields)

bicc: Bearer Independent Call Control (0.99.0 to 1.0.3, 1 field)

bittorrent: BitTorrent (0.99.0 to 1.0.3, 28 fields)

bofl: Wellfleet Breath of Life (0.99.0 to 1.0.3, 2 fields)

bootp: Bootstrap Protocol (0.99.0 to 1.0.3, 40 fields)

bootparams: Boot Parameters (0.99.0 to 1.0.3, 8 fields)

bossvr: DCE DFS Basic Overseer Server (0.99.0 to 1.0.3, 1 field)

brdwlk: Boardwalk (0.99.0 to 1.0.3, 15 fields)

browser: Microsoft Windows Browser Protocol (0.99.0 to 1.0.3, 61 fields)

bssap: BSSAP/BSAP (0.99.0 to 1.0.3, 57 fields)

bssgp: Base Station Subsystem GPRS Protocol (0.99.0 to 1.0.3, 22 fields)

bthci_acl: Bluetooth HCI ACL Packet (0.99.2 to 1.0.3, 7 fields)

bthci_cmd: Bluetooth HCI Command (0.99.2 to 1.0.3, 202 fields)

bthci_evt: Bluetooth HCI Event (0.99.2 to 1.0.3, 130 fields)

bthci_sco: Bluetooth HCI SCO Packet (0.99.2 to 1.0.3, 3 fields)

btl2cap: Bluetooth L2CAP Packet (0.99.2 to 1.0.3, 41 fields)

btrfcomm: Bluetooth RFCOMM Packet (0.99.2 to 1.0.3, 24 fields)

btsdp: Bluetooth SDP (0.99.2 to 1.0.3, 7 fields)

budb: DCE/DFS BUDB (0.99.0 to 1.0.3, 214 fields)

butc: DCE/RPC BUTC (0.99.0 to 1.0.3, 122 fields)

bvlc: BACnet Virtual Link Control (0.99.0 to 1.0.3, 14 fields)

C

calcappprotocol: Calculation Application Protocol (0.99.2 to 1.0.3, 7 fields)

camel: Camel (0.99.0 to 1.0.3, 630 fields)

cast: Cast Client Control Protocol (0.99.0 to 1.0.3, 92 fields)

cba_acco_cb: ICBAAccoCallback (0.99.0 to 1.0.3, 14 fields)

cba_acco_cb2: ICBAAccoCallback2 (0.99.0 to 1.0.3, 0 fields)

cba_acco_mgt: ICBAAccoMgt (0.99.0 to 1.0.3, 44 fields)

cba_acco_mgt2: ICBAAccoMgt2 (0.99.0 to 1.0.3, 0 fields)

cba_acco_server: ICBAAccoServer (0.99.0 to 1.0.3, 14 fields)

cba_acco_server2: ICBAAccoServer2 (0.99.0 to 1.0.3, 0 fields)

cba_acco_server_srt: ICBAAccoServerSRT (0.99.0 to 1.0.3, 0 fields)

cba_acco_sync: ICBAAccoSync (0.99.0 to 1.0.3, 0 fields)

cba_browse: ICBABrowse (0.99.0 to 1.0.3, 20 fields)

cba_browse2: ICBABrowse2 (0.99.0 to 1.0.3, 0 fields)

cba_grouperror: ICBAGroupError (0.99.0 to 1.0.3, 0 fields)

cba_grouperror_event: ICBAGroupErrorEvent (0.99.0 to 1.0.3, 0 fields)

cba_ldev: ICBALogicalDevice (0.99.0 to 1.0.3, 0 fields)

cba_ldev2: ICBALogicalDevice2 (0.99.0 to 1.0.3, 0 fields)

cba_pdev: ICBAPhysicalDevice (0.99.0 to 1.0.3, 17 fields)

cba_pdev2: ICBAPhysicalDevice2 (0.99.0 to 1.0.3, 0 fields)

cba_pdev_class: CBAPhysicalDevice (0.99.0 to 0.99.3, 0 fields)

cba_pdev_pc: ICBAPhysicalDevicePC (0.99.0 to 1.0.3, 0 fields)

cba_pdev_pc_event: ICBAPhysicalDevicePCEvent (0.99.0 to 1.0.3, 0 fields)

cba_persist: ICBAPersist (0.99.0 to 1.0.3, 0 fields)

cba_persist2: ICBAPersist2 (0.99.0 to 1.0.3, 0 fields)

cba_rtauto: ICBARTAuto (0.99.0 to 1.0.3, 0 fields)

cba_rtauto2: ICBARTAuto2 (0.99.0 to 1.0.3, 0 fields)

cba_state: ICBAState (0.99.0 to 1.0.3, 0 fields)

cba_state_event: ICBAStateEvent (0.99.0 to 1.0.3, 0 fields)

cba_sysprop: ICBASystemProperties (0.99.0 to 1.0.3, 0 fields)

cba_time: ICBATime (0.99.0 to 1.0.3, 0 fields)

cbcp: PPP Callback Control Protocol (0.99.0 to 1.0.3, 0 fields)

ccp: PPP Compression Control Protocol (0.99.0 to 1.0.3, 0 fields)

ccsds: CCSDS (0.99.0 to 1.0.3, 14 fields)

ccsrl: H.324/CCSRL (0.99.0 to 1.0.3, 1 field)

cd: WiMax DCD/UCD Messages (0.99.6 to 0.99.8, 129 fields)

cdp: Cisco Discovery Protocol (0.99.0 to 1.0.3, 7 fields)

cdpcp: PPP CDP Control Protocol (0.99.0 to 1.0.3, 0 fields)

cds_clerkserver: CDS Clerk Server Calls (0.99.0 to 1.0.3, 1 field)

cds_solicit: DCE/RPC CDS Solicitation (0.99.0 to 1.0.3, 1 field)

cdt: Compressed Data Type (0.99.0 to 1.0.3, 9 fields)

cflow: Cisco NetFlow/IPFIX (0.99.0 to 1.0.3, 118 fields)

cfm: CFM EOAM 802.1ag/ITU Protocol (0.99.8 to 1.0.3, 96 fields)

cgmp: Cisco Group Management Protocol (0.99.0 to 1.0.3, 5 fields)

chap: PPP Challenge Handshake Authentication Protocol (0.99.0 to 1.0.3, 7 fields)

chdlc: Cisco HDLC (0.99.0 to 1.0.3, 2 fields)

cigi: Common Image Generator Interface (0.99.0 to 1.0.3, 629 fields)

cimd: Computer Interface to Message Distribution (0.99.0 to 1.0.3, 48 fields)

cip: Common Industrial Protocol (0.99.0 to 1.0.3, 23 fields)

ciscowl: Cisco Wireless Layer 2 (0.99.0 to 0.99.4, 15 fields)

cldap: Connectionless Lightweight Directory Access Protocol (0.99.0 to 1.0.3, 0 fields)

clearcase: Clearcase NFS (0.99.0 to 1.0.3, 1 field)

clk: WiMax CLK-CMP Message (0.99.6 to 0.99.8, 6 fields)

clnp: ISO 8473 CLNP ConnectionLess Network Protocol (0.99.0 to 1.0.3, 19 fields)

cltp: ISO 8602 CLTP ConnectionLess Transport Protocol (0.99.0 to 1.0.3, 2 fields)

cmip: X711 CMIP (0.99.0 to 1.0.3, 263 fields)

cmp: Certificate Management Protocol (0.99.0 to 1.0.3, 162 fields)

cmpp: China Mobile Point to Point Protocol (0.99.8 to 1.0.3, 47 fields)

cms: Cryptographic Message Syntax (0.99.0 to 1.0.3, 94 fields)

comp_data: PPP Compressed Datagram (0.99.0 to 1.0.3, 0 fields)

componentstatusprotocol: Component Status Protocol (0.99.2 to 1.0.3, 17 fields)

conv: DCE/RPC Conversation Manager (0.99.0 to 1.0.3, 9 fields)

cops: Common Open Policy Service (0.99.0 to 1.0.3, 162 fields)

cosine: CoSine IPNOS L2 debug output (0.99.0 to 1.0.3, 5 fields)

cotp: ISO 8073 COTP Connection-Oriented Transport Protocol (0.99.0 to 1.0.3, 19 fields)

cpfi: Cross Point Frame Injector (0.99.0 to 1.0.3, 20 fields)

cpha: Check Point High Availability Protocol (0.99.0 to 1.0.3, 53 fields)

cprpc_server: DNS Control Program Server (0.99.0 to 1.0.3, 1 field)

crmf: Certificate Request Message Format (0.99.0 to 1.0.3, 75 fields)

crtp: CRTP (0.99.6 to 1.0.3, 6 fields)

csm_encaps: CSM_ENCAPS (0.99.0 to 1.0.3, 54 fields)

ctdb: Cluster TDB (0.99.6 to 1.0.3, 38 fields)

cups: Common Unix Printing System (CUPS) Browsing Protocol (0.99.0 to 1.0.3, 2 fields)

cwids: Cisco Wireless IDS Captures (0.99.2 to 1.0.3, 8 fields)

D

daap: Digital Audio Access Protocol (0.99.0 to 1.0.3, 2 fields)

dap: X.519 Directory Access Protocol (0.99.0 to 1.0.3, 338 fields)

data: Data (0.99.0 to 1.0.3, 1 field)

data-text-lines: Line-based text data (0.99.0 to 1.0.3, 0 fields)

daytime: Daytime Protocol (0.99.3 to 1.0.3, 1 field)

dc: Dublin Core Metadata (DC) (0.99.0 to 1.0.3, 16 fields)

dcc: Distributed Checksum Clearinghouse protocol (1.0.0 to 1.0.3, 28 fields)

dccp: Datagram Congestion Control Protocol (0.99.0 to 1.0.3, 57 fields)

dce_dfs: DFS Calls (0.99.0 to 0.99.8, 156 fields)

dce_update: DCE/RPC UpServer (0.99.0 to 1.0.3, 1 field)

dcerpc: DCE RPC (0.99.0 to 1.0.3, 159 fields)

dcm: DICOM (0.99.0 to 1.0.3, 16 fields)

dcom: DCOM (0.99.0 to 1.0.3, 94 fields)

dcp: Datagram Congestion Control Protocol (0.99.0 to 1.0.0, 29 fields)

dcp-af: DCP Application Framing Layer (0.99.5 to 1.0.3, 8 fields)

dcp-etsi: ETSI Distribution & Communication Protocol (for DRM) (0.99.5 to 1.0.3, 1 field)

dcp-pft: DCP Protection, Fragmentation & Transport Layer (0.99.5 to 1.0.3, 26 fields)

dcp-tpl: DCP Tag Packet Layer (0.99.5 to 1.0.3, 2 fields)

dct2000: Catapult DCT2000 packet (0.99.2 to 1.0.3, 32 fields)

ddp: Datagram Delivery Protocol (0.99.0 to 1.0.3, 12 fields)

ddtp: Dynamic DNS Tools Protocol (0.99.0 to 1.0.3, 7 fields)

dec_dna: DEC DNA Routing Protocol (0.99.0 to 1.0.3, 58 fields)

dec_stp: DEC Spanning Tree Protocol (0.99.0 to 1.0.3, 17 fields)

dfs: Microsoft Distributed File System (0.99.0 to 0.99.4, 1 field)

dhcpfo: DHCP Failover (0.99.0 to 1.0.3, 34 fields)

dhcpv6: DHCPv6 (0.99.0 to 1.0.3, 6 fields)

diameter: Diameter Protocol (0.99.0 to 1.0.3, 608 fields)

diameter.3gpp.ipaddr: IPv4 Address (0.99.8 to 1.0.1, 0 fields)

diameter.3gpp.mbms_required_qos_prio: Allocation/Retention Priority (0.99.8 to 1.0.1, 0 fields)

diameter.3gpp.mbms_service_id: MBMS Service ID (0.99.8 to 1.0.1, 0 fields)

diameter.3gpp.tmgi: TMGI (0.99.8 to 1.0.1, 0 fields)

diameter3gpp: Diameter 3GPP (0.99.8 to 1.0.3, 4 fields)

dis: Distributed Interactive Simulation (0.99.0 to 1.0.3, 0 fields)

disp: X.519 Directory Information Shadowing Protocol (0.99.0 to 1.0.3, 102 fields)

dispatch: DCOM IDispatch (0.99.0 to 1.0.3, 32 fields)

distcc: Distcc Distributed Compiler (0.99.0 to 1.0.3, 8 fields)

dlm3: Distributed Lock Manager (0.99.8 to 1.0.3, 123 fields)

dlsw: Data Link SWitching (0.99.0 to 1.0.3, 0 fields)

dmp: Direct Message Profile (0.99.5 to 1.0.3, 255 fields)

dnp3: Distributed Network Protocol 3.0 (0.99.0 to 1.0.3, 125 fields)

dns: Domain Name Service (0.99.0 to 1.0.3, 41 fields)

dnsserver: Windows 2000 DNS (0.99.0 to 1.0.3, 2 fields)

docsis: DOCSIS 1.1 (0.99.0 to 1.0.3, 24 fields)

docsis_bpkmattr: DOCSIS Baseline Privacy Key Management Attributes (0.99.0 to 1.0.3, 57 fields)

docsis_bpkmreq: DOCSIS Baseline Privacy Key Management Request (0.99.0 to 1.0.3, 7 fields)