Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-Network

Event ID 30

Message:

TCPv6: %{size} bytes retransmitted from %{saddr}:%{sport} to %{daddr}:%{dport}.

Event Data:

#  Name    In Type     Out Type
1  PID     win:UInt32  xs:unsignedInt
2  size    win:UInt32  xs:unsignedInt
3  daddr   win:Binary  win:IPv6
4  saddr   win:Binary  win:IPv6
5  dport   win:UInt16  win:Port
6  sport   win:UInt16  win:Port
7  seqnum  win:UInt32  xs:unsignedInt
8  connid  win:UInt32  xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: AGGZFGWLRVHMA