Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-Network

Event ID 18

Message:

TCPv4: %{size} bytes copied in protocol on behalf of user for connection between %{saddr}:%{sport} and %{daddr}:%{dport}.

Event Data:

#  Name    In Type     Out Type
1  PID     win:UInt32  xs:unsignedInt
2  size    win:UInt32  xs:unsignedInt
3  daddr   win:UInt32  win:IPv4
4  saddr   win:UInt32  win:IPv4
5  dport   win:UInt16  win:Port
6  sport   win:UInt16  win:Port
7  seqnum  win:UInt32  xs:unsignedInt
8  connid  win:UInt32  xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: SHNAPQ3F66HJK