Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Display Filter Reference: ETW WFP Capture

Protocol field name: etw.wfp_capture

Versions: 2.6.0 to 4.2.4

Back to Display Filter Reference

Field name Description Type Versions
etw.wfp_capture.calloutCalloutUnsigned integer (32 bits)2.6.0 to 4.2.4
etw.wfp_capture.callout_error_messageDriver NameCharacter string2.6.0 to 4.2.4
etw.wfp_capture.driver_error_messageDriver NameCharacter string2.6.0 to 4.2.4
etw.wfp_capture.driver_nameDriver NameCharacter string2.6.0 to 4.2.4
etw.wfp_capture.event_idEvent IDUnsigned integer (32 bits)2.6.0 to 4.2.4
etw.wfp_capture.filter_idFilter IDUnsigned integer (64 bits)2.6.0 to 4.2.4
etw.wfp_capture.filter_weightFilter WeightUnsigned integer (64 bits)2.6.0 to 4.2.4
etw.wfp_capture.major_versionMajor VersionUnsigned integer (16 bits)2.6.0 to 4.2.4
etw.wfp_capture.minor_versionMinor VersionUnsigned integer (16 bits)2.6.0 to 4.2.4
etw.wfp_capture.nt_statusNT StatusUnsigned integer (32 bits)2.6.0 to 4.2.4