Display Filter Reference: Internet Protocol Version 4

Protocol field name: ip

Versions: 1.0.0 to 3.4.5

Field name Description Type Versions
ip.addr Source or Destination Address IPv4 address 1.0.0 to 3.4.5
ip.bogus_header_length Bogus IP header length Label 3.0.0 to 3.4.5
ip.bogus_ip_length Bogus IP length Label 1.12.0 to 3.4.5
ip.bogus_ip_version Bogus IP version Label 2.0.0 to 3.4.5
ip.checksum Header Checksum Unsigned integer, 2 bytes 1.0.0 to 3.4.5
ip.checksum.status Header checksum status Unsigned integer, 1 byte 2.2.0 to 3.4.5
ip.checksum_bad Bad Boolean 1.0.0 to 2.0.16
ip.checksum_bad.expert Bad checksum Label 1.12.0 to 3.4.5
ip.checksum_calculated Calculated Checksum Unsigned integer, 2 bytes 1.12.0 to 3.4.5
ip.checksum_good Good Boolean 1.0.0 to 2.0.16
ip.cipso.categories Categories Character string 2.0.0 to 3.4.5
ip.cipso.doi DOI Unsigned integer, 4 bytes 2.0.0 to 3.4.5
ip.cipso.malformed Malformed CIPSO tag Label 2.0.0 to 3.4.5
ip.cipso.sensitivity_level Sensitivity Level Unsigned integer, 1 byte 2.0.0 to 3.4.5
ip.cipso.tag_data Tag data Sequence of bytes 2.0.0 to 3.4.5
ip.cipso.tag_type Tag Type Unsigned integer, 1 byte 2.0.0 to 3.4.5
ip.cur_rt Current Route IPv4 address 1.8.0 to 3.4.5
ip.cur_rt_host Current Route Host Character string 1.8.0 to 3.4.5
ip.dsfield Differentiated Services Field Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.dsfield.ce ECN-CE Unsigned integer, 1 byte 1.0.0 to 1.4.15
ip.dsfield.dscp Differentiated Services Codepoint Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.dsfield.ecn Explicit Congestion Notification Unsigned integer, 1 byte 1.6.0 to 3.4.5
ip.dsfield.ect ECN-Capable Transport (ECT) Unsigned integer, 1 byte 1.0.0 to 1.4.15
ip.dst Destination Address IPv4 address 1.0.0 to 3.4.5
ip.dst_host Destination Host Character string 1.0.0 to 3.4.5
ip.empty_rt Empty Route IPv4 address 1.8.0 to 3.4.5
ip.empty_rt_host Empty Route Host Character string 1.8.0 to 3.4.5
ip.evil_packet Packet has evil intent Label 1.12.0 to 3.4.5
ip.flags Flags Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.flags.df Don't fragment Boolean 1.0.0 to 3.4.5
ip.flags.mf More fragments Boolean 1.0.0 to 3.4.5
ip.flags.rb Reserved bit Boolean 1.0.0 to 3.4.5
ip.flags.sf Security flag Boolean 1.4.0 to 3.4.5
ip.frag_offset Fragment Offset Unsigned integer, 2 bytes 1.0.0 to 3.4.5
ip.fragment IPv4 Fragment Frame number 1.0.0 to 3.4.5
ip.fragment.count Fragment count Unsigned integer, 4 bytes 1.6.0 to 3.4.5
ip.fragment.error Defragmentation error Frame number 1.0.0 to 3.4.5
ip.fragment.multipletails Multiple tail fragments found Boolean 1.0.0 to 3.4.5
ip.fragment.overlap Fragment overlap Boolean 1.0.0 to 3.4.5
ip.fragment.overlap.conflict Conflicting data in fragment overlap Boolean 1.0.0 to 3.4.5
ip.fragment.toolongfragment Fragment too long Boolean 1.0.0 to 3.4.5
ip.fragments IPv4 Fragments Sequence of bytes 1.0.0 to 3.4.5
ip.geoip.asnum Source or Destination GeoIP AS Number Unsigned integer, 4 bytes 1.2.1 to 3.4.5
ip.geoip.city Source or Destination GeoIP City Character string 1.2.1 to 3.4.5
ip.geoip.country Source or Destination GeoIP Country Character string 1.2.1 to 3.4.5
ip.geoip.country_iso Source or Destination GeoIP ISO Two Letter Country Code Character string 2.6.0 to 3.4.5
ip.geoip.dst_asnum Destination GeoIP AS Number Unsigned integer, 4 bytes 1.2.1 to 3.4.5
ip.geoip.dst_city Destination GeoIP City Character string 1.2.1 to 3.4.5
ip.geoip.dst_country Destination GeoIP Country Character string 1.2.1 to 3.4.5
ip.geoip.dst_country_iso Destination GeoIP ISO Two Letter Country Code Character string 2.6.0 to 3.4.5
ip.geoip.dst_isp Destination GeoIP ISP Character string 1.2.1 to 2.4.16
ip.geoip.dst_lat Destination GeoIP Latitude Floating point (double-precision) 1.2.1 to 3.4.5
ip.geoip.dst_lon Destination GeoIP Longitude Floating point (double-precision) 1.2.1 to 3.4.5
ip.geoip.dst_org Destination GeoIP AS Organization Character string 1.2.1 to 3.4.5
ip.geoip.dst_summary Destination GeoIP Character string 2.6.0 to 3.4.5
ip.geoip.isp Source or Destination GeoIP ISP Character string 1.2.1 to 2.4.16
ip.geoip.lat Source or Destination GeoIP Latitude Floating point (double-precision) 1.2.1 to 3.4.5
ip.geoip.lon Source or Destination GeoIP Longitude Floating point (double-precision) 1.2.1 to 3.4.5
ip.geoip.org Source or Destination GeoIP AS Organization Character string 1.2.1 to 3.4.5
ip.geoip.src_asnum Source GeoIP AS Number Unsigned integer, 4 bytes 1.2.1 to 3.4.5
ip.geoip.src_city Source GeoIP City Character string 1.2.1 to 3.4.5
ip.geoip.src_country Source GeoIP Country Character string 1.2.1 to 3.4.5
ip.geoip.src_country_iso Source GeoIP ISO Two Letter Country Code Character string 2.6.0 to 3.4.5
ip.geoip.src_isp Source GeoIP ISP Character string 1.2.1 to 2.4.16
ip.geoip.src_lat Source GeoIP Latitude Floating point (double-precision) 1.2.1 to 3.4.5
ip.geoip.src_lon Source GeoIP Longitude Floating point (double-precision) 1.2.1 to 3.4.5
ip.geoip.src_org Source GeoIP AS Organization Character string 1.2.1 to 3.4.5
ip.geoip.src_summary Source GeoIP Character string 2.6.0 to 3.4.5
ip.hdr_len Header Length Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.host Source or Destination Host Character string 1.0.0 to 3.4.5
ip.id Identification Unsigned integer, 2 bytes 1.0.0 to 3.4.5
ip.len Total Length Unsigned integer, 2 bytes 1.0.0 to 3.4.5
ip.nop 4 NOP in a row - a router may have removed some options Label 1.12.0 to 3.4.5
ip.opt.addr IP Address IPv4 address 1.8.0 to 3.4.5
ip.opt.ext_sec_add_sec_info Additional Security Info Sequence of bytes 1.8.0 to 3.4.5
ip.opt.ext_sec_add_sec_info_format_code Additional Security Info Format Code Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.flag Flag Unsigned integer, 1 byte 2.0.0 to 3.4.5
ip.opt.id_number ID Number Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.len Length Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.len.invalid Invalid length for option Label 1.12.0 to 3.4.5
ip.opt.mtu MTU Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.ohc Outbound Hop Count Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.originator Originator IP Address IPv4 address 1.8.0 to 3.4.5
ip.opt.overflow Overflow Unsigned integer, 1 byte 2.0.0 to 3.4.5
ip.opt.padding Padding Sequence of bytes 1.8.0 to 3.4.5
ip.opt.ptr Pointer Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.ptr.before_address Pointer points before first address Label 1.12.0 to 3.4.5
ip.opt.ptr.middle_address Pointer points to middle of address Label 1.12.0 to 3.4.5
ip.opt.qs_func Function Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.qs_nonce QS Nonce Unsigned integer, 4 bytes 1.8.0 to 3.4.5
ip.opt.qs_rate Rate Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.qs_reserved Reserved Unsigned integer, 4 bytes 1.8.0 to 3.4.5
ip.opt.qs_ttl QS TTL Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.qs_ttl_diff TTL Diff Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.qs_unused Not Used Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.ra Router Alert Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.rhc Return Hop Count Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.sec_cl Classification Level Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_doe DOE Boolean 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_flags Protection Authority Flags Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_fti Field Termination Indicator Boolean 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_genser GENSER Boolean 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_nsa NSA Boolean 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_sci SCI Boolean 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_siop_esi SIOP-ESI Boolean 1.8.0 to 3.4.5
ip.opt.sec_prot_auth_unassigned Unassigned Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.sec_rfc791_comp Compartments Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.sec_rfc791_hr Handling Restrictions Character string 1.8.0 to 3.4.5
ip.opt.sec_rfc791_sec Security Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.sec_rfc791_tcc Transmission Control Code Character string 1.8.0 to 3.4.5
ip.opt.sid Stream Identifier Unsigned integer, 2 bytes 1.8.0 to 3.4.5
ip.opt.time_stamp Time stamp Unsigned integer, 4 bytes 2.0.0 to 3.4.5
ip.opt.time_stamp_addr Address IPv4 address 2.0.0 to 3.4.5
ip.opt.type Type Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.type.class Class Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.opt.type.copy Copy on fragmentation Boolean 1.8.0 to 3.4.5
ip.opt.type.number Number Unsigned integer, 1 byte 1.8.0 to 3.4.5
ip.proto Protocol Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.reassembled.data Reassembled IPv4 data Sequence of bytes 1.10.0 to 3.4.5
ip.reassembled.length Reassembled IPv4 length Unsigned integer, 4 bytes 1.4.0 to 3.4.5
ip.reassembled_in Reassembled IPv4 in frame Frame number 1.0.0 to 3.4.5
ip.rec_rt Recorded Route IPv4 address 1.8.0 to 3.4.5
ip.rec_rt_host Recorded Route Host Character string 1.8.0 to 3.4.5
ip.src Source Address IPv4 address 1.0.0 to 3.4.5
ip.src_host Source Host Character string 1.0.0 to 3.4.5
ip.src_rt Source Route IPv4 address 1.8.0 to 3.4.5
ip.src_rt_host Source Route Host Character string 1.8.0 to 3.4.5
ip.subopt_too_long Suboption would go past end of option Label 1.12.0 to 3.4.5
ip.tos Type of Service Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.tos.cost Cost Boolean 1.0.0 to 3.4.5
ip.tos.delay Delay Boolean 1.0.0 to 3.4.5
ip.tos.precedence Precedence Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.tos.reliability Reliability Boolean 1.0.0 to 3.4.5
ip.tos.throughput Throughput Boolean 1.0.0 to 3.4.5
ip.ttl Time to Live Unsigned integer, 1 byte 1.0.0 to 3.4.5
ip.ttl.lncb Time To Live Label 1.12.0 to 3.4.5
ip.ttl.too_small Time To Live Label 1.12.0 to 3.4.5
ip.version Version Unsigned integer, 1 byte 1.0.0 to 3.4.5