Display Filter Reference: Exchange 5.5 EMSMDB

Protocol field name: mapi

Versions: 1.0.0 to 2.4.4

Back to Display Filter Reference

Field name Description Type Versions
mapi.DATA_BLOB.data Data Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.DATA_BLOB.length Length Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.decrypted.data Decrypted data Sequence of bytes 1.0.0 to 2.4.4
mapi.decrypted.data.len Length Unsigned integer, 4 bytes 1.0.0 to 1.0.16
mapi.decrypted.data.maxlen Max Length Unsigned integer, 4 bytes 1.0.0 to 1.0.16
mapi.decrypted.data.offset Offset Unsigned integer, 4 bytes 1.0.0 to 1.0.16
mapi.EcDoConnect.alloc_space Alloc Space Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.code_page Code Page Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.emsmdb_client_version Emsmdb Client Version Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.input_locale Input Locale Label 1.2.0 to 2.4.4
mapi.EcDoConnect.name Name Character string 1.2.0 to 2.4.4
mapi.EcDoConnect.org_group Org Group Character string 1.2.0 to 2.4.4
mapi.EcDoConnect.session_nb Session Nb Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.store_version Store Version Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.unknown1 Unknown1 Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.unknown2 Unknown2 Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.unknown3 Unknown3 Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.unknown4 Unknown4 Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoConnect.user User Character string 1.2.0 to 2.4.4
mapi.EcDoRpc.codepage Codepage Unsigned integer, 4 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.folder_id Folder ID Unsigned integer, 8 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.handle_index Handle index Unsigned integer, 1 byte 2.0.0 to 2.4.4
mapi.EcDoRpc.layout Layout Unsigned integer, 1 byte 2.0.0 to 2.4.4
mapi.EcDoRpc.length Length Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcDoRpc.mailbox Mailbox Character string 2.0.0 to 2.4.4
mapi.EcDoRpc.mapi_flags mapi_flags Unsigned integer, 1 byte 2.0.0 to 2.4.4
mapi.EcDoRpc.mapi_request Mapi Request Label 1.2.0 to 2.4.4
mapi.EcDoRpc.mapi_response Mapi Response Label 1.2.0 to 2.4.4
mapi.EcDoRpc.mapi_tag MAPI tag Unsigned integer, 4 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.max_data Max Data Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcDoRpc.offset Offset Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoRpc.padding Padding Unsigned integer, 4 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.prop_count Prop count Unsigned integer, 2 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.row Row Unsigned integer, 1 byte 2.0.0 to 2.4.4
mapi.EcDoRpc.size Size Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcDoRpc.str_length Length Unsigned integer, 2 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.subcontext Subcontext length Unsigned integer, 4 bytes 1.12.2 to 2.4.4
mapi.EcDoRpc.subcontext_size Subcontext size Unsigned integer, 4 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.unknown1 Unknown1 Unsigned integer, 2 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc.unknown2 Unknown2 Unsigned integer, 1 byte 2.0.0 to 2.4.4
mapi.EcDoRpc.unknown3 Unknown3 Unsigned integer, 4 bytes 2.0.0 to 2.4.4
mapi.EcDoRpc_MAPI_REPL.opnum Opnum Unsigned integer, 1 byte 2.0.0 to 2.4.4
mapi.EcDoRpc_MAPI_REPL_UNION.mapi_GetProps Mapi GetProps Label 1.2.0 to 2.4.4
mapi.EcDoRpc_MAPI_REPL_UNION.mapi_OpenFolder Mapi OpenFolder Label 1.2.0 to 2.4.4
mapi.EcDoRpc_MAPI_REPL_UNION.mapi_Release Mapi Release Label 1.2.0 to 2.4.4
mapi.EcDoRpc_MAPI_REQ.opnum Opnum Unsigned integer, 1 byte 1.2.0 to 1.12.13
mapi.EcDoRpc_MAPI_REQ_UNION.mapi_GetProps Mapi GetProps Label 1.2.0 to 2.4.4
mapi.EcDoRpc_MAPI_REQ_UNION.mapi_OpenFolder Mapi OpenFolder Label 1.2.0 to 2.4.4
mapi.EcDoRpc_MAPI_REQ_UNION.mapi_OpenMsgStore Mapi OpenMsgStore Label 1.2.0 to 2.4.4
mapi.EcDoRpc_MAPI_REQ_UNION.mapi_Release Mapi Release Label 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.notif_len Notif Len Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.notifkey Notifkey Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.retval Retval Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.sockaddr Sockaddr Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.sockaddr_len Sockaddr Len Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.ulEventMask UlEventMask Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.EcRRegisterPushNotification.unknown2 Unknown2 Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.EcRUnregisterPushNotification.unknown Unknown Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.encap_len Length Unsigned integer, 2 bytes 1.0.0 to 1.0.16
mapi.encrypted_data Encrypted data Sequence of bytes 1.0.0 to 1.0.16
mapi.FILETIME.dwHighDateTime DwHighDateTime Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.FILETIME.dwLowDateTime DwLowDateTime Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.handle Handle Sequence of bytes 1.2.0 to 2.4.4
mapi.hnd Context Handle Sequence of bytes 1.0.0 to 1.0.16
mapi.input_locale.language Language Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.input_locale.method Method Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.LPSTR.lppszA LppszA Character string 1.2.0 to 2.4.4
mapi.mapi_handle MAPI handle Unsigned integer, 4 bytes 2.0.0 to 2.4.4
mapi.mapi_request.mapi_req Mapi Req Label 1.2.0 to 2.4.4
mapi.mapi_response.mapi_repl Mapi Repl Label 1.2.0 to 2.4.4
mapi.MAPISTATUS_status MAPISTATUS Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.notification_payload Notification payload Sequence of bytes 1.0.0 to 1.0.16
mapi.notification_port Notification port Unsigned integer, 2 bytes 1.0.0 to 1.0.16
mapi.OpenMessage_recipients.codepage Codepage Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.OpenMessage_recipients.RecipClass RecipClass Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.OpenMessage_recipients.recipients_headers Recipients Headers Label 1.2.0 to 2.4.4
mapi.OpenMessage_recipients.subcontext Subcontext length Unsigned integer, 2 bytes 1.12.2 to 2.4.4
mapi.OpenMessage_req.folder_handle_idx Folder Handle Idx Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.OpenMessage_req.folder_id Folder Id Unsigned integer, 8 bytes 1.2.0 to 2.4.4
mapi.OpenMessage_req.max_data Max Data Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.OpenMessage_req.message_id Message Id Unsigned integer, 8 bytes 1.2.0 to 2.4.4
mapi.OpenMessage_req.message_permissions Message Permissions Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.opnum Operation Unsigned integer, 2 bytes 1.0.0 to 2.4.4
mapi.pdu.len Length Unsigned integer, 2 bytes 1.0.0 to 2.4.4
mapi.rc Return code Unsigned integer, 4 bytes 1.0.0 to 1.0.16
mapi.RecipExchange.addr_type Addr Type Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.RecipExchange.organization_length Organization Length Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.recipient_displayname_7bit.lpszA LpszA Character string 1.2.0 to 2.4.4
mapi.recipient_type.EXCHANGE EXCHANGE Label 1.2.0 to 2.4.4
mapi.recipient_type.SMTP SMTP Label 1.2.0 to 2.4.4
mapi.recipients_headers.bitmask Bitmask Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.recipients_headers.layout Layout Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.recipients_headers.prop_count Prop Count Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.recipients_headers.prop_values Prop Values Label 1.2.0 to 2.4.4
mapi.recipients_headers.type Recipient Type Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.recipients_headers.username Username Label 1.2.0 to 2.4.4
mapi.SPropValue.ulPropTag UlPropTag Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.SPropValue.value Value Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.SPropValue_CTR.b B Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.SPropValue_CTR.d D Signed integer, 8 bytes 1.2.0 to 2.4.4
mapi.SPropValue_CTR.dbl Dbl Signed integer, 8 bytes 1.2.0 to 2.4.4
mapi.SPropValue_CTR.err Err Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.SPropValue_CTR.ft Ft Label 1.2.0 to 2.4.4
mapi.SPropValue_CTR.i I Unsigned integer, 2 bytes 1.2.0 to 2.4.4
mapi.SPropValue_CTR.l L Unsigned integer, 4 bytes 1.2.0 to 2.4.4
mapi.SPropValue_CTR.lpguid Lpguid Globally Unique Identifier 1.2.0 to 2.4.4
mapi.SPropValue_CTR.lpszA LpszA Character string 1.2.0 to 2.4.4
mapi.SPropValue_CTR.lpszW LpszW Character string 1.2.0 to 2.4.4
mapi.SRow.ulRowFlags UlRowFlags Unsigned integer, 1 byte 1.2.0 to 2.4.4
mapi.ulEventType.fnevCriticalError FnevCriticalError Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevExtended FnevExtended Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevNewMail FnevNewMail Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevObjectCopied FnevObjectCopied Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevObjectCreated FnevObjectCreated Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevObjectDeleted FnevObjectDeleted Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevObjectModified FnevObjectModified Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevObjectMoved FnevObjectMoved Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevReservedForMapi FnevReservedForMapi Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevSearchComplete FnevSearchComplete Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevStatusObjectModified FnevStatusObjectModified Boolean 1.2.0 to 2.4.4
mapi.ulEventType.fnevTableModified FnevTableModified Boolean 1.2.0 to 2.4.4
mapi.unknown_long Unknown long Unsigned integer, 4 bytes 1.0.0 to 1.0.16
mapi.unknown_short Unknown short Unsigned integer, 2 bytes 1.0.0 to 1.0.16
mapi.unknown_string Unknown string Character string 1.0.0 to 1.0.16
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
  • • Fully integrated with Wireshark and AirPcap™
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance
  • • Troubleshoot problems faster
  • • Quickly identify the applications running on your network
  • • Monitor your virtual machine traffic
Learn More