SYNOPSIS

Input

A stream containing a field of packet type.

Output

A stream containing the first field of packet type in the input and fields holding values of various header fields of the packets.

DESCRIPTION

This tool extracts header fields from packets into record fields, which is useful for analytical work on the collected packets.

Note
The internal format of packets is much more efficient than the record format, so filtering on IP addresses and ports is best done with the packet operation tools.

OPTIONS

Ethernet Specific fields

Check this if you want to add record fields for header fields that are specific to Ethernet packets. These are:

eth_proto The active ethernet protocol.
src_mac The MAC address of the source of the packet.
dst_mac The MAC address of the destination of the packet.

IP Specific fields

Check this if you want to add record fields for header fields that are specific to IP packets. These are:

src_ip The IP address of the source of the packet.
dst_ip The IP address of the destination of the packet.
ip_proto The active IP protocol.

The fields will hold an appropriate null value for non-IP packets.

ICMP Specific fields

Check this if you want to add record fields for header fields that are specific to ICMP packets. These are:

icmp_type The ICMP type.
icmp_code The ICMP code.

The fields will hold an appropriate null value for non-ICMP packets.

UDP Specific fields

Check this if you want to add record fields for header fields that are specific to UDP packets. These are:

src_port The source port of the packet.
dst_port The destination port of the packet.

These fields are also appropriate for TCP packets. The fields will hold an appropriate null value for non-UDP/non-TCP packets.

TCP Specific fields

Check this if you want to add record fields for header fields that are specific to TCP packets. These are:

src_port The source port of the packet.
dst_port The destination port of the packet.

These fields are also appropriate for UDP packets. The following are entirely specific to TCP:

tcp_flags The TCP flags of the packet.
seq The sequence number of the packet.
ack The acknowledgement number of the packet.
win Window size.

These fields will hold an appropriate null value for non-TCP packets.