Appendix A. Ethereal Display Filter Fields
Field |
Field Name |
Type |
cops.ver_flags |
Version and Flags |
Unsigned 8-bit integer |
cops.version |
Version |
Unsigned 8-bit integer |
Common Unix Printing System (CUPS) Browsing Protocol (cups)
Table A-39. Common Unix Printing System (CUPS) Browsing Protocol (cups)
Field |
Field Name |
Type |
cups.ptype |
Type |
Unsigned 32-bit integer |
cups.state |
State |
Unsigned 8-bit integer |
DCE RPC (dcerpc)
Table A-40. DCE RPC (dcerpc)
Field |
Field Name |
Type |
dcerpc.array.actual_count |
Actual Count |
Unsigned 32-bit integer |
dcerpc.array.max_count |
Max Count |
Unsigned 32-bit integer |
dcerpc.array.offset |
Offset |
Unsigned 32-bit integer |
dcerpc.auth_ctx_id |
Auth Context ID |
Unsigned 32-bit integer |
dcerpc.auth_level |
Auth level |
Unsigned 8-bit integer |
dcerpc.auth_pad_len |
Auth pad len |
Unsigned 8-bit integer |
dcerpc.auth_rsrvd |
Auth Rsrvd |
Unsigned 8-bit integer |
dcerpc.auth_type |
Auth type |
Unsigned 8-bit integer |
dcerpc.cn_ack_reason |
Ack reason |
Unsigned 16-bit integer |
dcerpc.cn_ack_result |
Ack result |
Unsigned 16-bit integer |
dcerpc.cn_ack_trans_id |
Transfer Syntax |
String |
dcerpc.cn_ack_trans_ver |
Syntax ver |
Unsigned 32-bit integer |
dcerpc.cn_alloc_hint |
Alloc hint |
Unsigned 32-bit integer |
dcerpc.cn_assoc_group |
Assoc Group |
Unsigned 32-bit integer |
dcerpc.cn_auth_len |
Auth Length |
Unsigned 16-bit integer |
dcerpc.cn_bind_if_ver |
Interface Ver |
Unsigned 16-bit integer |
dcerpc.cn_bind_if_ver_minorInterface Ver Minor |
Unsigned 16-bit integer |
|
|
|
|
dcerpc.cn_bind_to_uuid |
Interface UUID |
String |
dcerpc.cn_bind_trans_id |
Transfer Syntax |
String |
135
Appendix A. Ethereal Display Filter Fields
Field |
Field Name |
Type |
dcerpc.cn_bind_trans_ver |
Syntax ver |
Unsigned 32-bit integer |
dcerpc.cn_call_id |
Call ID |
Unsigned 32-bit integer |
dcerpc.cn_cancel_count |
Cancel count |
Unsigned 8-bit integer |
dcerpc.cn_ctx_id |
Context ID |
Unsigned 16-bit integer |
dcerpc.cn_flags |
Packet Flags |
Unsigned 8-bit integer |
dcerpc.cn_flags.cancel_pendingCancel Pending |
Boolean |
|
|
|
|
dcerpc.cn_flags.dne |
Did Not Execute |
Boolean |
dcerpc.cn_flags.first_frag |
First Frag |
Boolean |
dcerpc.cn_flags.last_frag |
Last Frag |
Boolean |
dcerpc.cn_flags.maybe |
Maybe |
Boolean |
dcerpc.cn_flags.mpx |
Multiplex |
Boolean |
dcerpc.cn_flags.object |
Object |
Boolean |
dcerpc.cn_flags.reserved |
Reserved |
Boolean |
dcerpc.cn_frag_len |
Frag Length |
Unsigned 16-bit integer |
dcerpc.cn_max_recv |
Max Recv Frag |
Unsigned 16-bit integer |
dcerpc.cn_max_xmit |
Max Xmit Frag |
Unsigned 16-bit integer |
dcerpc.cn_num_ctx_items |
Num Ctx Items |
Unsigned 8-bit integer |
dcerpc.cn_num_protocols |
Number of protocols |
Unsigned 8-bit integer |
dcerpc.cn_num_results |
Num results |
Unsigned 8-bit integer |
dcerpc.cn_num_trans_itemsNum Trans Items |
Unsigned 16-bit integer |
|
|
|
|
dcerpc.cn_protocol_ver_majorP otocol major version |
Unsigned 8-bit integer |
|
|
|
|
dcerpc.cn_protocol_ver_minorProtocol minor version |
Unsigned 8-bit integer |
|
|
|
|
dcerpc.cn_reject_reason |
Reject reason |
Unsigned 16-bit integer |
dcerpc.cn_sec_addr |
Scndry Addr |
String |
dcerpc.cn_sec_addr_len |
Scndry Addr len |
Unsigned 16-bit integer |
dcerpc.cn_status |
Status |
Unsigned 32-bit integer |
dcerpc.dg_act_id |
Activitiy |
String |
dcerpc.dg_ahint |
Activity Hint |
Unsigned 16-bit integer |
dcerpc.dg_auth_proto |
Auth proto |
Unsigned 8-bit integer |
dcerpc.dg_cancel_id |
Cancel ID |
Unsigned 32-bit integer |
dcerpc.dg_cancel_vers |
Cancel Version |
Unsigned 32-bit integer |
dcerpc.dg_flags1 |
Flags1 |
Unsigned 8-bit integer |
136
Appendix A. Ethereal Display Filter Fields
Field |
Field Name |
Type |
dcerpc.dg_flags1_broadcast |
Broadcast |
Boolean |
|
|
|
dcerpc.dg_flags1_frag |
Fragment |
Boolean |
dcerpc.dg_flags1_idempotentIdempotent |
Boolean |
|
|
|
|
dcerpc.dg_flags1_last_frag |
Last Fragment |
Boolean |
dcerpc.dg_flags1_maybe |
Maybe |
Boolean |
dcerpc.dg_flags1_nofack |
No Fack |
Boolean |
dcerpc.dg_flags1_rsrvd_01 |
Reserved |
Boolean |
dcerpc.dg_flags1_rsrvd_80 |
Reserved |
Boolean |
dcerpc.dg_flags2 |
Flags2 |
Unsigned 8-bit integer |
dcerpc.dg_flags2_cancel_pendiCancelg Pending |
Boolean |
|
|
|
|
dcerpc.dg_flags2_rsrvd_01 |
Reserved |
Boolean |
dcerpc.dg_flags2_rsrvd_04 |
Reserved |
Boolean |
dcerpc.dg_flags2_rsrvd_08 |
Reserved |
Boolean |
dcerpc.dg_flags2_rsrvd_10 |
Reserved |
Boolean |
dcerpc.dg_flags2_rsrvd_20 |
Reserved |
Boolean |
dcerpc.dg_flags2_rsrvd_40 |
Reserved |
Boolean |
dcerpc.dg_flags2_rsrvd_80 |
Reserved |
Boolean |
dcerpc.dg_frag_len |
Fragment len |
Unsigned 16-bit integer |
dcerpc.dg_frag_num |
Fragment num |
Unsigned 16-bit integer |
dcerpc.dg_if_id |
Interface |
String |
dcerpc.dg_if_ver |
Interface Ver |
Unsigned 32-bit integer |
dcerpc.dg_ihint |
Interface Hint |
Unsigned 16-bit integer |
dcerpc.dg_seqnum |
Sequence num |
Unsigned 32-bit integer |
dcerpc.dg_serial_hi |
Serial High |
Unsigned 8-bit integer |
dcerpc.dg_serial_lo |
Serial Low |
Unsigned 8-bit integer |
dcerpc.dg_server_boot |
Server boot time |
Unsigned 32-bit integer |
dcerpc.dg_status |
Status |
Unsigned 32-bit integer |
dcerpc.drep |
Data Representation |
Byte array |
dcerpc.drep.byteorder |
Byte order |
Unsigned 8-bit integer |
dcerpc.drep.character |
Character |
Unsigned 8-bit integer |
dcerpc.drep.fp |
Floating-point |
Unsigned 8-bit integer |
dcerpc.fack_max_frag_size |
Max Frag Size |
Unsigned 32-bit integer |
|
|
|
dcerpc.fack_max_tsdu |
Max TSDU |
Unsigned 32-bit integer |
137
Appendix A. Ethereal Display Filter Fields
Field |
Field Name |
Type |
dcerpc.fack_selack |
Selective ACK |
Unsigned 32-bit integer |
dcerpc.fack_selack_len |
Selective ACK Len |
Unsigned 16-bit integer |
dcerpc.fack_serial_num |
Serial Num |
Unsigned 16-bit integer |
dcerpc.fack_vers |
FACK Version |
Unsigned 8-bit integer |
dcerpc.fack_window size |
Window Size |
Unsigned 16-bit integer |
dcerpc.fragment |
DCE/RPC Fragment |
No value |
dcerpc.fragment.error |
Defragmentation error |
No value |
dcerpc.fragment.multipletailsMultiple |
tail fragments |
Boolean |
|
found |
|
dcerpc.fragment.overlap |
Fragment overlap |
Boolean |
dcerpc.fragment.overlap.conflictConflicting data in |
Boolean |
|
|
fragment overlap |
|
dcerpc.fragment.toolongfragmentFragment too long |
Boolean |
|
|
|
|
dcerpc.fragments |
DCE/RPC Fragments |
No value |
dcerpc.obj_id |
Object |
String |
dcerpc.op |
Operation |
Unsigned 16-bit integer |
dcerpc.opnum |
Opnum |
Unsigned 16-bit integer |
dcerpc.pkt_type |
Packet type |
Unsigned 8-bit integer |
dcerpc.referent_id |
Referent ID |
Unsigned 32-bit integer |
dcerpc.request_in |
Request in |
Unsigned 32-bit integer |
dcerpc.response_in |
Response in |
Unsigned 32-bit integer |
dcerpc.server_accepting_cancelsServer accepting cancels |
Boolean |
|
|
|
|
dcerpc.ver |
Version |
Unsigned 8-bit integer |
dcerpc.ver_minor |
Version (minor) |
Unsigned 8-bit integer |
DCE/RPC Conversation Manager (conv)
Table A-41. DCE/RPC Conversation Manager (conv)
Field |
Field Name |
Type |
|
|
|
138