Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1035

Message:

NAT translated and forwarded IPv4 %{TransportProtocol} packet which arrived over %{ArrivalNetwork} interface %{ArrivalInterfaceIndex} in compartment %{ArrivalCompartmentId} to interface %{ForwardInterfaceIndex} in compartment %{ForwardCompartmentId}.

Event Data:

# Name In Type Out Type
1 ActionReason win:UInt32 xs:unsignedInt
2 ArrivalCompartmentId win:UInt32 xs:unsignedInt
3 ArrivalInterfaceIndex win:UInt32 xs:unsignedInt
4 ArrivalNetwork win:UInt32 xs:unsignedInt
5 TransportProtocol win:UInt32 xs:unsignedInt
6 ForwardCompartmentId win:UInt32 xs:unsignedInt
7 ForwardInterfaceIndex win:UInt32 xs:unsignedInt
8 PacketLength win:UInt32 xs:unsignedInt
9 ContinuousLength win:UInt32 xs:unsignedInt
10 CapturedIPHeaderLength win:UInt32 xs:unsignedInt
11 CapturedTransportHeaderLength win:UInt32 xs:unsignedInt
12 ICMPErrorTransportProtocol win:UInt32 xs:unsignedInt
13 ICMPErrorCapturedIPHeaderLength win:UInt32 xs:unsignedInt
14 ICMPErrorCapturedTransportHeaderLength win:UInt32 xs:unsignedInt
15 IPHeader win:Binary xs:hexBinary
16 TransportHeader win:Binary xs:hexBinary
17 ICMPErrorIPHeader win:Binary xs:hexBinary
18 ICMPErrorTransportHeader win:Binary xs:hexBinary

Observed Windows Versions:

Version: 0

Fingerprint: N7KONEW2A6P2G