Data Fields:
We will consider Property members as properties because data fields represent data on the wire for a frame.Properties:
To avoid name collisions, each field should be prefaced by "Property.". To save space, we've left this out in the Field column.|
Field |
Description |
Example |
| Description | The highest level protocol summary description. If TCP is the highest level protocol that is parsed, this property will contain it's description.
We've culminated feedback on these over the years from various experts in specific protocols, but if you have suggestions, we're always happy to hear them. Best to file feedback on our parser site at
http://nmparsers.codeplex.com/.
|
Description.Contains("error") |
| Destination | The Ethernet, IPv4, or IPv6 Address of the frame's origin. Note that both the Source and Destination columns can have aliases applied to them to show a friendly name for a machine based on your configuration or a DNS lookup. Aliases will take precedence, followed by resolved names, and IP address, and finally Ethernet. If you want to show Ethernet or IP address, you can add a column for those properties specifically. | Destination.Contains("192.68") |
| Source | Similar to Destination. |
Source.Contains("srv") |
| UTProcessID | With
unified tracing, process names and IDs are stored in a different property as it's contained with in the packet. ProcessID and ProcessName, on the other hand, are derived outside the scope of the network traffic and therefore have different names and scopes. |
Property.UTProcessID == 1234 |
| UTProcessName | See UTProcessID above. | Property.UTProcessName.Contains("exp") |