Display Filter Reference: EFS (pidl)
Protocol field name: efs
Versions: 1.0.0 to 2.6.1
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| efs.EFS_CERTIFICATE_BLOB.cbData | CbData | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType | DwCertEncodingType | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.EFS_CERTIFICATE_BLOB.pbData | PbData | Unsigned integer, 1 byte | 1.0.0 to 2.6.1 |
| efs.EFS_HASH_BLOB.cbData | CbData | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.EFS_HASH_BLOB.pbData | PbData | Unsigned integer, 1 byte | 1.0.0 to 2.6.1 |
| efs.EfsRpcAddUsersToFile.FileName | FileName | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcCloseRaw.pvContext | PvContext | Sequence of bytes | 1.0.0 to 2.6.1 |
| efs.EfsRpcDecryptFileSrv.FileName | FileName | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcDecryptFileSrv.Reserved | Reserved | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.EfsRpcEncryptFileSrv.Filename | Filename | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcOpenFileRaw.FileName | FileName | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcOpenFileRaw.Flags | Flags | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.EfsRpcOpenFileRaw.pvContext | PvContext | Sequence of bytes | 1.0.0 to 2.6.1 |
| efs.EfsRpcQueryRecoveryAgents.FileName | FileName | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents | PRecoveryAgents | Label | 1.0.0 to 2.6.1 |
| efs.EfsRpcQueryUsersOnFile.FileName | FileName | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcQueryUsersOnFile.pUsers | PUsers | Label | 1.0.0 to 2.6.1 |
| efs.EfsRpcReadFileRaw.pvContext | PvContext | Sequence of bytes | 1.0.0 to 2.6.1 |
| efs.EfsRpcRemoveUsersFromFile.FileName | FileName | Character string | 1.0.0 to 2.6.1 |
| efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate | PEncryptionCertificate | Label | 1.0.0 to 2.6.1 |
| efs.EfsRpcWriteFileRaw.pvContext | PvContext | Sequence of bytes | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE.pCertBlob | PCertBlob | Label | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE.pUserSid | PUserSid | Label | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE.TotalLength | TotalLength | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength | CbTotalLength | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation | LpDisplayInformation | Character string | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE_HASH.pHash | PHash | Label | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid | PUserSid | Label | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash | NCert Hash | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
| efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers | PUsers | Label | 1.0.0 to 2.6.1 |
| efs.opnum | Operation | Unsigned integer, 2 bytes | 1.0.0 to 2.6.1 |
| efs.werror | Windows Error | Unsigned integer, 4 bytes | 1.0.0 to 2.6.1 |
Go Beyond with Riverbed Technology
I have a lot of traffic...
ANSWER: SteelCentral™ Packet Analyzer PE
- • Visually rich, powerful LAN analyzer
- • Quickly access very large pcap files
- • Professional, customizable reports
- • Advanced triggers and alerts
No, really, I have a LOT of traffic…
ANSWER: SteelCentral™ NetShark appliance
- • Troubleshoot problems faster
- • Quickly identify the applications running on your network
- • Monitor your virtual machine traffic