Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-Network

Event ID 14

Message:

TCPv4: %{size} bytes retransmitted from %{saddr}:%{sport} to %{daddr}:%{dport}.

Event Data:

#  Name    In Type     Out Type
1  PID     win:UInt32  xs:unsignedInt
2  size    win:UInt32  xs:unsignedInt
3  daddr   win:UInt32  win:IPv4
4  saddr   win:UInt32  win:IPv4
5  dport   win:UInt16  win:Port
6  sport   win:UInt16  win:Port
7  seqnum  win:UInt32  xs:unsignedInt
8  connid  win:UInt32  xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: S5HF5WR26O4NW