Elastic Windows Event Explorer


Publisher - Microsoft-Windows-TCPIP

Event ID 1206

Message:

TCPIP: SendDatagram %{Nbl} fell off the send fast path, Reason: %{Reason}. Protocol = %{IPTransportProtocol}, Family = %{AddressFamily}, Number of NBLs = %{NblCount}. SourceAddress = %{Source IPv4 Address} %{IPProtocol} %{IPv6 Source Address}. DestAddress = %{Dest IPv4 Address} %{IPProtocol} %{IPv6 Dest Address}.

Event Data:

# Name In Type
Out Type
1 Nbl win:Pointer win:HexInt64
2 IPTransportProtocol win:UInt32 xs:unsignedInt
3 AddressFamily win:UInt32 xs:unsignedInt
4 Source IPv4 Address win:UInt32 win:IPv4
5 Dest IPv4 Address win:UInt32 win:IPv4
6 IPv6SourceIpAddrLength win:UInt32 xs:unsignedInt
7 IPv6 Source Address win:Binary win:IPv6
8 IPv6DestIpAddrLength win:UInt32 xs:unsignedInt
9 IPv6 Dest Address win:Binary win:IPv6
10 Reason win:UInt32 xs:unsignedInt
11 NblCount win:UInt32 xs:unsignedInt
12 IPProtocol win:UInt32 xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: IT5K6CYXSYX2S