Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-Network

Event ID 26

Message:

TCPv6: %{size} bytes transmitted from %{saddr}:%{sport} to %{daddr}:%{dport}.

Event Data:

#   Name      In Type      Out Type
1   PID       win:UInt32   xs:unsignedInt
2   size      win:UInt32   xs:unsignedInt
3   daddr     win:Binary   win:IPv6
4   saddr     win:Binary   win:IPv6
5   dport     win:UInt16   win:Port
6   sport     win:UInt16   win:Port
7   startime  win:UInt32   xs:unsignedInt
8   endtime   win:UInt32   xs:unsignedInt
9   seqnum    win:UInt32   xs:unsignedInt
10  connid    win:UInt32   xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: 6QULC4BFCR7X6