Wireshark · Display Filter Reference: ETW WFP Capture

Display Filter Reference: ETW WFP Capture

Protocol field name: etw.wfp_capture

Versions: 2.6.0 to 4.2.5

Field name	Description	Type	Versions
etw.wfp_capture.callout	Callout	Unsigned integer (32 bits)	2.6.0 to 4.2.5
etw.wfp_capture.callout_error_message	Driver Name	Character string	2.6.0 to 4.2.5
etw.wfp_capture.driver_error_message	Driver Name	Character string	2.6.0 to 4.2.5
etw.wfp_capture.driver_name	Driver Name	Character string	2.6.0 to 4.2.5
etw.wfp_capture.event_id	Event ID	Unsigned integer (32 bits)	2.6.0 to 4.2.5
etw.wfp_capture.filter_id	Filter ID	Unsigned integer (64 bits)	2.6.0 to 4.2.5
etw.wfp_capture.filter_weight	Filter Weight	Unsigned integer (64 bits)	2.6.0 to 4.2.5
etw.wfp_capture.major_version	Major Version	Unsigned integer (16 bits)	2.6.0 to 4.2.5
etw.wfp_capture.minor_version	Minor Version	Unsigned integer (16 bits)	2.6.0 to 4.2.5
etw.wfp_capture.nt_status	NT Status	Unsigned integer (32 bits)	2.6.0 to 4.2.5