Skip to content

Enum: PacketFormatIdEnum

The normalized identifier of the packet capture format.

URI: ocsf:PacketFormatIdEnum

Permissible Values

Value Meaning Description
UNKNOWN None The packet format is unknown
PCAP None Standard libpcap/tcpdump packet capture file format
PCAPNG None Next-generation PCAP format that supports multiple interfaces and enhanced
SNOOP None Solaris/Unix capture format
ERF None Extensible Record Format used by Endace network monitoring hardware
NETMON None Microsoft Network Monitor capture file format
5VIEWS None Accellent 5Views packet capture format
OTHER None The packet format is not mapped

Slots

Name Description
format_id The normalized identifier of the packet capture format

Identifier and Mapping Information

Schema Source

LinkML Source

name: PacketFormatIdEnum
description: The normalized identifier of the packet capture format.
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: The packet format is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  PCAP:
    text: PCAP
    description: Standard libpcap/tcpdump packet capture file format.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: PCAP
  PCAPNG:
    text: PCAPNG
    description: 'Next-generation PCAP format that supports multiple interfaces and
      enhanced

      metadata.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: PCAPNG
  SNOOP:
    text: SNOOP
    description: Solaris/Unix capture format.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Snoop
  ERF:
    text: ERF
    description: Extensible Record Format used by Endace network monitoring hardware.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: ERF
  NETMON:
    text: NETMON
    description: Microsoft Network Monitor capture file format.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: NetMon
  5VIEWS:
    text: 5VIEWS
    description: Accellent 5Views packet capture format.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: 5Views
  OTHER:
    text: OTHER
    description: 'The packet format is not mapped. Refer to the <code>format</code>
      field for the

      original source-specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other