Display Filter Reference: ETW WFP Capture
Protocol field name: etw.wfp_capture
Versions: 2.6.0 to 3.6.8
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| etw.wfp_capture.callout | Callout | Unsigned integer (4 bytes) | 2.6.0 to 3.6.8 |
| etw.wfp_capture.callout_error_message | Driver Name | Character string | 2.6.0 to 3.6.8 |
| etw.wfp_capture.driver_error_message | Driver Name | Character string | 2.6.0 to 3.6.8 |
| etw.wfp_capture.driver_name | Driver Name | Character string | 2.6.0 to 3.6.8 |
| etw.wfp_capture.event_id | Event ID | Unsigned integer (4 bytes) | 2.6.0 to 3.6.8 |
| etw.wfp_capture.filter_id | Filter ID | Unsigned integer (8 bytes) | 2.6.0 to 3.6.8 |
| etw.wfp_capture.filter_weight | Filter Weight | Unsigned integer (8 bytes) | 2.6.0 to 3.6.8 |
| etw.wfp_capture.major_version | Major Version | Unsigned integer (2 bytes) | 2.6.0 to 3.6.8 |
| etw.wfp_capture.minor_version | Minor Version | Unsigned integer (2 bytes) | 2.6.0 to 3.6.8 |
| etw.wfp_capture.nt_status | NT Status | Unsigned integer (4 bytes) | 2.6.0 to 3.6.8 |