Display Filter Reference: SEBEK - Kernel Data Capture
Protocol field name: sebek
Versions: 1.0.0 to 4.4.1
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| sebek | Command Name | Character string | 1.0.0 to 4.4.1 |
| sebek | Counter | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Data | Character string | 1.0.0 to 4.4.1 |
| sebek | File Descriptor | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Inode ID | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Data Length | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Magic | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Process ID | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Parent Process ID | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Socket.Call_id | Unsigned integer (16 bits) | 1.0.0 to 4.4.1 |
| sebek | Socket.remote_ip | IPv4 address | 1.0.0 to 4.4.1 |
| sebek | Socket.remote_port | Unsigned integer (16 bits) | 1.0.0 to 4.4.1 |
| sebek | Socket.ip_proto | Unsigned integer (8 bits) | 1.0.0 to 4.4.1 |
| sebek | Socket.local_ip | IPv4 address | 1.0.0 to 4.4.1 |
| sebek | Socket.local_port | Unsigned integer (16 bits) | 1.0.0 to 4.4.1 |
| sebek | Time | Date and time | 1.0.0 to 4.4.1 |
| sebek | Type | Unsigned integer (16 bits) | 1.0.0 to 4.4.1 |
| sebek | User ID | Unsigned integer (32 bits) | 1.0.0 to 4.4.1 |
| sebek | Version | Unsigned integer (16 bits) | 1.0.0 to 4.4.1 |