Wireshark · Display Filter Reference: Network Monitor Event

Display Filter Reference: Network Monitor Event

Protocol field name: netmon_event

Versions: 2.6.0 to 4.4.1

Field name	Description	Type	Versions
netmon_event.activity_id	Activity ID	Globally Unique Identifier	2.6.0 to 4.4.1
netmon_event.alignment	Alignment	Unsigned integer (8 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.channel	Channel	Unsigned integer (8 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.id	ID	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.keyword	Keyword	Unsigned integer (64 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.level	Level	Unsigned integer (8 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.opcode	Opcode	Unsigned integer (8 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.task	Task	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.event_desc.version	Version	Unsigned integer (8 bits)	2.6.0 to 4.4.1
netmon_event.event_property	Event property	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.event_property.forwarded_xml	Event data contains fully-rendered XML	Boolean	2.6.0 to 4.4.1
netmon_event.event_property.legacy_eventlog	Need WMI MOF class	Boolean	2.6.0 to 4.4.1
netmon_event.event_property.xml	Need manifest	Boolean	2.6.0 to 4.4.1
netmon_event.extended_data	Extended data	Byte sequence	2.6.0 to 4.4.1
netmon_event.extended_data.linkage	Additional extended data	Boolean	2.6.0 to 4.4.1
netmon_event.extended_data.reserved	Reserved	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.extended_data.reserved2	Reserved	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.extended_data.size	Extended data size	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.extended_data.type	Extended info type	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.extended_data_count	Extended data count	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.flags	Flags	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.flags.32bit_header	Provider running on 32-bit computer	Boolean	2.6.0 to 4.4.1
netmon_event.flags.64bit_header	Provider running on 64-bit computer	Boolean	2.6.0 to 4.4.1
netmon_event.flags.classic_header	Use TraceEvent	Boolean	2.6.0 to 4.4.1
netmon_event.flags.extended_info	Extended Info	Boolean	2.6.0 to 4.4.1
netmon_event.flags.no_cputime	Use ProcessorTime	Boolean	2.6.0 to 4.4.1
netmon_event.flags.private_session	Private Sessions	Boolean	2.6.0 to 4.4.1
netmon_event.flags.string_only	Null-terminated Unicode string	Boolean	2.6.0 to 4.4.1
netmon_event.flags.trace_message	TraceMessage logged	Boolean	2.6.0 to 4.4.1
netmon_event.header_type	Header type	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.kernel_time	Kernel time	Unsigned integer (32 bits)	2.6.0 to 4.4.1
netmon_event.logger_id	Logger ID	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.process_id	Process ID	Unsigned integer (32 bits)	2.6.0 to 4.4.1
netmon_event.processor_number	Processor number	Unsigned integer (8 bits)	2.6.0 to 4.4.1
netmon_event.processor_time	Processor time	Unsigned integer (64 bits)	2.6.0 to 4.4.1
netmon_event.provider_id	Provider ID	Globally Unique Identifier	2.6.0 to 4.4.1
netmon_event.reassembled	Reassembled	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.size	Size	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.thread_id	Thread ID	Unsigned integer (32 bits)	2.6.0 to 4.4.1
netmon_event.timestamp	Timestamp	Date and time	2.6.0 to 4.4.1
netmon_event.user_data	User data	Byte sequence	2.6.0 to 4.4.1
netmon_event.user_data_length	User data length	Unsigned integer (16 bits)	2.6.0 to 4.4.1
netmon_event.user_time	User time	Unsigned integer (32 bits)	2.6.0 to 4.4.1