Display Filter Reference: EFS (pidl)

Protocol field name: efs

Versions: 1.0.0 to 2.6.5

Back to Display Filter Reference

Field name Description Type Versions
efs.EFS_CERTIFICATE_BLOB.cbData CbData Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType DwCertEncodingType Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.EFS_CERTIFICATE_BLOB.pbData PbData Unsigned integer, 1 byte 1.0.0 to 2.6.5
efs.EFS_HASH_BLOB.cbData CbData Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.EFS_HASH_BLOB.pbData PbData Unsigned integer, 1 byte 1.0.0 to 2.6.5
efs.EfsRpcAddUsersToFile.FileName FileName Character string 1.0.0 to 2.6.5
efs.EfsRpcCloseRaw.pvContext PvContext Sequence of bytes 1.0.0 to 2.6.5
efs.EfsRpcDecryptFileSrv.FileName FileName Character string 1.0.0 to 2.6.5
efs.EfsRpcDecryptFileSrv.Reserved Reserved Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.EfsRpcEncryptFileSrv.Filename Filename Character string 1.0.0 to 2.6.5
efs.EfsRpcOpenFileRaw.FileName FileName Character string 1.0.0 to 2.6.5
efs.EfsRpcOpenFileRaw.Flags Flags Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.EfsRpcOpenFileRaw.pvContext PvContext Sequence of bytes 1.0.0 to 2.6.5
efs.EfsRpcQueryRecoveryAgents.FileName FileName Character string 1.0.0 to 2.6.5
efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents PRecoveryAgents Label 1.0.0 to 2.6.5
efs.EfsRpcQueryUsersOnFile.FileName FileName Character string 1.0.0 to 2.6.5
efs.EfsRpcQueryUsersOnFile.pUsers PUsers Label 1.0.0 to 2.6.5
efs.EfsRpcReadFileRaw.pvContext PvContext Sequence of bytes 1.0.0 to 2.6.5
efs.EfsRpcRemoveUsersFromFile.FileName FileName Character string 1.0.0 to 2.6.5
efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate PEncryptionCertificate Label 1.0.0 to 2.6.5
efs.EfsRpcWriteFileRaw.pvContext PvContext Sequence of bytes 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE.pCertBlob PCertBlob Label 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE.pUserSid PUserSid Label 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE.TotalLength TotalLength Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength CbTotalLength Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation LpDisplayInformation Character string 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE_HASH.pHash PHash Label 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid PUserSid Label 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash NCert Hash Unsigned integer, 4 bytes 1.0.0 to 2.6.5
efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers PUsers Label 1.0.0 to 2.6.5
efs.opnum Operation Unsigned integer, 2 bytes 1.0.0 to 2.6.5
efs.werror Windows Error Unsigned integer, 4 bytes 1.0.0 to 2.6.5
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More