Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-Network

Event ID 12

Message:

TCPv4: Connection attempted between %{saddr}:%{sport} and %{daddr}:%{dport}.

Event Data:

#   Name         In Type     Out Type
1   PID          win:UInt32  xs:unsignedInt
2   size         win:UInt32  xs:unsignedInt
3   daddr        win:UInt32  win:IPv4
4   saddr        win:UInt32  win:IPv4
5   dport        win:UInt16  win:Port
6   sport        win:UInt16  win:Port
7   mss          win:UInt16  xs:unsignedShort
8   sackopt      win:UInt16  xs:unsignedShort
9   tsopt        win:UInt16  xs:unsignedShort
10  wsopt        win:UInt16  xs:unsignedShort
11  rcvwin       win:UInt32  xs:unsignedInt
12  rcvwinscale  win:UInt16  xs:unsignedShort
13  sndwinscale  win:UInt16  xs:unsignedShort
14  seqnum       win:UInt32  xs:unsignedInt
15  connid       win:UInt32  xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: 5RZUNDANBO3SG