Microsoft-Windows-Base-Filtering-Engine-Resource-Flows

4 events across 1 channel

Event ID 2002 — New Resource Flow

New Resource Flow.

New Resource Flow

Name	Description
`ConnectionUsedId` UInt64	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`RemoteIPAddress` Binary	—
`LocalIPAddress` Binary	—
`RemotePort` UInt16	—
`LocalPort` UInt16	—
`StartTime` FILETIME	—

Resource Flow Closed.

Resource Flow Closed

Name	Description
`ConnectionUsedId` UInt64	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`RemoteIPAddress` Binary	—
`LocalIPAddress` Binary	—
`RemotePort` UInt16	—
`LocalPort` UInt16	—
`StartTime` FILETIME	—
`CloseTime` FILETIME	—

New Resource Flow.

New Resource Flow

Name	Description
`ConnectionUsedId` UInt64	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`RemoteIPAddress` UInt32	—
`LocalIPAddress` UInt32	—
`RemotePort` UInt16	—
`LocalPort` UInt16	—
`StartTime` FILETIME	—

Resource Flow Closed.

Resource Flow Closed

Name	Description
`ConnectionUsedId` UInt64	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`RemoteIPAddress` UInt32	—
`LocalIPAddress` UInt32	—
`RemotePort` UInt16	—
`LocalPort` UInt16	—
`StartTime` FILETIME	—
`CloseTime` FILETIME	—