Display Filter Reference: Network Monitor Event

Protocol field name: netmon_event

Versions: 2.6.0 to 3.4.5

Back to Display Filter Reference

Field name Description Type Versions
netmon_event.activity_id Activity ID Globally Unique Identifier 2.6.0 to 3.4.5
netmon_event.alignment Alignment Unsigned integer, 1 byte 2.6.0 to 3.4.5
netmon_event.event_desc.channel Channel Unsigned integer, 1 byte 2.6.0 to 3.4.5
netmon_event.event_desc.id ID Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.event_desc.keyword Keyword Unsigned integer, 8 bytes 2.6.0 to 3.4.5
netmon_event.event_desc.level Level Unsigned integer, 1 byte 2.6.0 to 3.4.5
netmon_event.event_desc.opcode Opcode Unsigned integer, 1 byte 2.6.0 to 3.4.5
netmon_event.event_desc.task Task Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.event_desc.version Version Unsigned integer, 1 byte 2.6.0 to 3.4.5
netmon_event.event_property Event property Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.event_property.forwarded_xml Event data contains fully-rendered XML Boolean 2.6.0 to 3.4.5
netmon_event.event_property.legacy_eventlog Need WMI MOF class Boolean 2.6.0 to 3.4.5
netmon_event.event_property.xml Need manifest Boolean 2.6.0 to 3.4.5
netmon_event.extended_data Extended data Sequence of bytes 2.6.0 to 3.4.5
netmon_event.extended_data.linkage Additional extended data Boolean 2.6.0 to 3.4.5
netmon_event.extended_data.reserved Reserved Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.extended_data.reserved2 Reserved Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.extended_data.size Extended data size Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.extended_data.type Extended info type Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.extended_data_count Extended data count Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.flags Flags Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.flags.32bit_header Provider running on 32-bit computer Boolean 2.6.0 to 3.4.5
netmon_event.flags.64bit_header Provider running on 64-bit computer Boolean 2.6.0 to 3.4.5
netmon_event.flags.classic_header Use TraceEvent Boolean 2.6.0 to 3.4.5
netmon_event.flags.extended_info Extended Info Boolean 2.6.0 to 3.4.5
netmon_event.flags.no_cputime Use ProcessorTime Boolean 2.6.0 to 3.4.5
netmon_event.flags.private_session Private Sessions Boolean 2.6.0 to 3.4.5
netmon_event.flags.string_only Null-terminated Unicode string Boolean 2.6.0 to 3.4.5
netmon_event.flags.trace_message TraceMessage logged Boolean 2.6.0 to 3.4.5
netmon_event.header_type Header type Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.kernel_time Kernel time Unsigned integer, 4 bytes 2.6.0 to 3.4.5
netmon_event.logger_id Logger ID Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.process_id Process ID Unsigned integer, 4 bytes 2.6.0 to 3.4.5
netmon_event.processor_number Processor number Unsigned integer, 1 byte 2.6.0 to 3.4.5
netmon_event.processor_time Processor time Unsigned integer, 8 bytes 2.6.0 to 3.4.5
netmon_event.provider_id Provider ID Globally Unique Identifier 2.6.0 to 3.4.5
netmon_event.reassembled Reassembled Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.size Size Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.thread_id Thread ID Unsigned integer, 4 bytes 2.6.0 to 3.4.5
netmon_event.timestamp Timestamp Date and time 2.6.0 to 3.4.5
netmon_event.user_data User data Sequence of bytes 2.6.0 to 3.4.5
netmon_event.user_data_length User data length Unsigned integer, 2 bytes 2.6.0 to 3.4.5
netmon_event.user_time User time Unsigned integer, 4 bytes 2.6.0 to 3.4.5
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More