다음을 통해 공유


Network Monitor FrameVariable Filtering

Data Fields:

We will consider FrameVariable's members as properties because data fields represent data on the wire for a frame.

Properties:

To avoid [[Network Monitor Name Collisions | name collisions]], each field should be prefaced by "FrameVariable.".  To save space, we've left this out in the Field column.

Field

Description

Example

FrameNumber The 0-based index of the frame in the capture file.  This means frame 1 is 0 when using FrameNumber while filtering.
FrameVariable.FrameNumber == 0
TimeOfDay Unfortunately you can't filter on a date string.  However you can convert it to a long value using the right click add as filter feature when clicking the Time of Day column in the UI.  This value is the 64 bit representation of a time value. FrameVariable.TimeOfDay == 129222852861360590
TimeDateLocalAdjusted The Time and Date Stamp of the captured frame adjusted to your local time zone. Unfortunately you can't filter on a date string.  However you can convert it to a long value using the right click add as filter feature when clicking the Time of Day column in the UI.  This value is the 64 bit representation of a time value. FrameVariable.TimeDateLocalAdjusted == 129222852861360590
TimeDelta When displayed as a column in the UI, this is the delta from the last displayed frame.  However, when used as a filter this is the time delta from the last physical frame in the capture.  You can always save a filtered trace if you need to filter a time data based on a subset of the total traffic.  The example shows frames where the response from the last frame is greater than 1 second. FrameVariable.TimeDelta > 10000000
TimeOffset Time offset of the frame in relationship to the time stamp of the capture file. This is usually when the capture was started. For instance the time stamp of the first frame could be greater than zero if it's a circular capture and the oldest frames have been overwritten. This example shows all frames greater than 1 second into the trace. FrameVariable.Offset > 10000000
CommentTitle This represents a comment title if a frame comment has been added to your trace.  You can add as a column in the UI or use it in a filter to find frames.  One application of this would be to mark frames with certain attributes and then filter to find frames that match. FrameVariable.CommentTitle.Contains("test")
MediaType As the Network Capture Format can hold frames from multiple interfaces, each frame can have a different media type.  The example looks for frames that are Ethernet. FrameVariable.MediaType==1
FrameData Represents all the data in a frame.  A main scenario is searching all frame data using ContainsBin as the example shows. ContainsBin(FrameData, HEX, "12 A9")
ConvID Represents all the data in a frame.  A main scenario is searching all frame data using ContainsBin as the example shows. FrameVariable.ConvID.Contains("12")

Return to the List of Top Level Protocols

Network Monitor Blog