Display Filter Reference: Executable and Linkable Format
Protocol field name: elf
Versions: 1.12.0 to 3.4.5
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| elf.abi_version | ABI Version | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.blackhole_size | Blackhole size | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elf.blackholes_size | Total blackholes size | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elf.cfi_extraneous_data | Segment size is larger than CFI records combined | Label | 2.0.0 to 3.4.5 |
| elf.data_encoding | Data Encoding | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.dwarf.format | DWARF Exception Header value format | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.dwarf.omit | DW_EH_PE_omit | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.dwarf.upper | DWARF Exception Header application | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.dynamic.ignored | Ignored | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.dynamic.ignored64 | Ignored | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.dynamic.pointer | Pointer | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.dynamic.pointer64 | Pointer | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.dynamic.tag | Tag | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.dynamic.tag64 | Tag | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.dynamic.unspecified | Unspecified | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.dynamic.unspecified64 | Unspecified | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.dynamic.value | Value | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.dynamic.value64 | Value | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.eh_frame.augmentation_data | Augmentation Data | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.augmentation_length | Augmentation Length | Unsigned integer, 8 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.augmentation_string | Augmentation String | Character string | 1.12.3 to 3.4.5 |
| elf.eh_frame.cie_id | CIE ID | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.code_alignment_factor | Code Alignment Factor | Unsigned integer, 8 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.data_alignment_factor | Data Alignment Factor | Signed integer, 8 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.extended_length | Extended Length | Unsigned integer, 8 bytes | 2.0.0 to 3.4.5 |
| elf.eh_frame.fde.augmentation_data | Augmentation Data | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.fde.augmentation_length | Augmentation Length | Unsigned integer, 8 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.fde.call_frame_instructions | Call Frame Instructions | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.fde.cie_pointer | CIE Pointer | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.fde.extended_length | Extended Length | Unsigned integer, 8 bytes | 2.0.0 to 3.4.5 |
| elf.eh_frame.fde.length | Length | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.fde.pc_begin | PC Begin | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.fde.pc_range | PC Range | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.initial_instructions | Initial Instructions | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.length | Length | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.return_address_register | Return Address Register | Unsigned integer, 8 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame.version | Version | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.binary_search_table_encoding | Binary Search Table Encoding | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.binary_search_table_entry.address | Address | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.binary_search_table_entry.initial_location | Initial location | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.eh_frame_ptr | Exception Frame Pointer | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.eh_frame_ptr_enc | Exception Frame Pointer Encoding | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.fde_count | Number of FDE entries | Unsigned integer, 8 bytes | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.fde_count_enc | FDE Count Encoding | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.eh_frame_hdr.version | Version | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.ehsize | ELF Header Size | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.entry | Entry | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.entry64 | Entry | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.entry_bytes | Entry | Sequence of bytes | 2.0.0 to 3.4.5 |
| elf.file_class | File Class | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.file_padding | File Padding | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.file_size | File size | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elf.file_version | File Version | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.flags | Flags | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.header_segment_size | Header size + all segment size | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elf.invalid_cie_length | CIE length is too small or larger than segment size | Label | 2.0.0 to 3.4.5 |
| elf.invalid_entry_size | Entry size is different then currently parsed bytes | Label | 1.12.0 to 3.4.5 |
| elf.invalid_segment_size | Segment size is different then currently parsed bytes | Label | 1.12.0 to 3.4.5 |
| elf.machine | Machine | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.magic_bytes | Magic Bytes | Sequence of bytes | 1.12.0 to 3.4.5 |
| elf.os_abi | OS ABI | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.overlapping_size | Overlapping size | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elf.p_align | Align | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_align64 | Align | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.p_filesz | File Image Size | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_filesz64 | File Image Size | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.p_flags.execute | Execute Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.p_flags.maskos | Operating System Specific Flags | Boolean | 1.12.0 to 3.4.5 |
| elf.p_flags.maskproc | Processor Specific Flags | Boolean | 1.12.0 to 3.4.5 |
| elf.p_flags.read | Read Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.p_flags.reserved | Reserved Flags | Boolean | 1.12.0 to 3.4.5 |
| elf.p_flags.write | Write Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.p_memsz | Memory Image Size | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_memsz64 | Memory Image Size | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.p_offset | File Offset | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_offset64 | File Offset | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.p_paddr | Physical Address | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_paddr64 | Physical Address | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.p_type | Element Type | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_vaddr | Virtual Address | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.p_vaddr64 | Virtual Address | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.phentsize | Entry Size in Program Header Table | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.phnum | Number of Entries in the Program Header Table | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.phoff | Program Header Table File Offset | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.phoff64 | Program Header Table File Offset | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.segment | Segment | Sequence of bytes | 2.0.0 to 3.4.5 |
| elf.sh_addr | Address | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_addr64 | Address | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.sh_addralign | Address Alignment | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_addralign64 | Address Alignment | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.sh_entsize | Entry Size | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_entsize64 | Entry Size | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.sh_flags.alloc | Alloc Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.exec_instr | Exec Instr Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.group | Group Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.info_link | Info Link Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.link_order | Link Order Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.maskos | Operating System Specific Flags | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.maskproc | Processor Specific Flags | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.merge | Merge Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.os_nonconforming | OS NonConforming Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.reserved | Reserved | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.reserved.8 | Reserved | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.strings | Strings Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.tls | TLS Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_flags.write | Write Flag | Boolean | 1.12.0 to 3.4.5 |
| elf.sh_info | Info | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_link | Link Index | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_name | Name Index | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_offset | File Offset | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_offset64 | File Offset | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.sh_size | Size | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.sh_size64 | Size | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.sh_type | Type | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.shentsize | Entry Size in Section Header Table | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.shnum | Number of Entries in the Section Header Table | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.shoff | Section Header Table File Offset | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.shoff64 | Section Header Table File Offset | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.shstrndx | Section Header Table String Index | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.string | String | Character string | 1.12.0 to 3.4.5 |
| elf.symbol_table.info | Info | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.symbol_table.info.bind | Bind | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.symbol_table.info.type | Type | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.symbol_table.name_index | Name Index | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.symbol_table.other | Other | Unsigned integer, 1 byte | 1.12.0 to 3.4.5 |
| elf.symbol_table.shndx | Related Section Header Index | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.symbol_table.size | Size | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.symbol_table.size64 | Size | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.symbol_table.value | Value | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
| elf.symbol_table.value64 | Value | Unsigned integer, 8 bytes | 2.2.0 to 3.4.5 |
| elf.type | Type | Unsigned integer, 2 bytes | 1.12.0 to 3.4.5 |
| elf.version | Version | Unsigned integer, 4 bytes | 1.12.0 to 3.4.5 |
Go Beyond with Riverbed Technology
I have a lot of traffic...
ANSWER: SteelCentral™ AppResponse 11
- • Full stack analysis – from packets to pages
- • Rich performance metrics & pre-defined insights for fast problem identification/resolution
- • Modular, flexible solution for deeply-analyzing network & application performance