Elastic Windows Event Explorer


Publisher - Microsoft-Windows-PktMon

Event ID 240

Message:

Duplicate Drop: PktGroupId %{PktGroupId}, PktNumber %{PktNumber}, Appearance %{AppearanceCount}, Direction %{DirTag}, Type %{PacketType}, Component %{ComponentId}, Filter %{FilterId}, DropReason %{DropReason}, DropLocation %{DropLocation}, OriginalSize %{OriginalPayloadSize}, LoggedSize %{LoggedPayloadSize}

Event Data:

#   Name                 In Type     Out Type
1   PktGroupId           win:UInt64  xs:unsignedLong
2   PktNumber            win:UInt16  xs:unsignedShort
3   AppearanceCount      win:UInt16  xs:unsignedShort
4   DirTag               win:UInt16  xs:unsignedShort
5   PacketType           win:UInt16  xs:unsignedShort
6   ComponentId          win:UInt16  xs:unsignedShort
7   EdgeId               win:UInt16  xs:unsignedShort
8   FilterId             win:UInt16  xs:unsignedShort
9   DropReason           win:UInt32  xs:unsignedInt
10  DropLocation         win:UInt32  win:HexInt32
11  OriginalPayloadSize  win:UInt16  xs:unsignedShort
12  LoggedPayloadSize    win:UInt16  xs:unsignedShort
13  Payload              win:Binary  xs:hexBinary

Observed Windows Versions:

Version: 0

Fingerprint: W2NKIGWU5M2BM