detection.wiki
Blog

Microsoft-Windows-Kernel-Network

22 events across 1 channel

Event IDTitleChannel
10TCPv4: %2 bytes transmitted from %4:%6 to %3:%5.Analytic
11TCPv4: %2 bytes received from %4:%6 to %3:%5.Analytic
12TCPv4: Connection attempted between %4:%6 and %3:%5.Analytic
13TCPv4: Connection closed between %4:%6 and %3:%5.Analytic
14TCPv4: %2 bytes retransmitted from %4:%6 to %3:%5.Analytic
15TCPv4: Connection established between %4:%6 and %3:%5.Analytic
16TCPv4: Reconnect attempt between %4:%6 and %3:%5.Analytic
17TCPv4: Connection attempt failed with error code %2.Analytic
18TCPv4: %2 bytes copied in protocol on behalf of user for connection between …Analytic
26TCPv6: %2 bytes transmitted from %4:%6 to %3:%5.Analytic
27TCPv6: %2 bytes received from %4:%6 to %3:%5.Analytic
28TCPv6: Connection attempted between %4:%6 and %3:%5.Analytic
29TCPv6: Connection closed between %4:%6 and %3:%5.Analytic
30TCPv6: %2 bytes retransmitted from %4:%6 to %3:%5.Analytic
31TCPv6: Connection established between %4:%6 and %3:%5.Analytic
32TCPv6: Reconnect attempt between %4:%6 and %3:%5.Analytic
34TCPv6: %2 bytes copied in protocol on behalf of user for connection between …Analytic
42UDPv4: %2 bytes transmitted from %4:%6 to %3:%5.Analytic
43UDPv4: %2 bytes received from %4:%6 to %3:%5.Analytic
49UDPv4: Connection attempt failed with error code %2.Analytic
58UDPv6: %2 bytes transmitted from %4:%6 to %3:%5.Analytic
59UDPv6: %2 bytes received from %4:%6 to %3:%5.Analytic

Event ID 10 — TCPv4: %2 bytes transmitted from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: %2 bytes transmitted from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
startime
endtime
seqnum
connid

Event ID 11 — TCPv4: %2 bytes received from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: %2 bytes received from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 12 — TCPv4: Connection attempted between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: Connection attempted between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
mss
sackopt
tsopt
wsopt
rcvwin
rcvwinscale
sndwinscale
seqnum
connid

Event ID 13 — TCPv4: Connection closed between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: Connection closed between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 14 — TCPv4: %2 bytes retransmitted from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: %2 bytes retransmitted from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 15 — TCPv4: Connection established between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: Connection established between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
mss
sackopt
tsopt
wsopt
rcvwin
rcvwinscale
sndwinscale
seqnum
connid

Event ID 16 — TCPv4: Reconnect attempt between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: Reconnect attempt between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 17 — TCPv4: Connection attempt failed with error code %2.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: Connection attempt failed with error code %2.

Fields

NameDescription
Proto
FailureCode

Event ID 18 — TCPv4: %2 bytes copied in protocol on behalf of user for connection between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv4: %2 bytes copied in protocol on behalf of user for connection between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 26 — TCPv6: %2 bytes transmitted from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: %2 bytes transmitted from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
startime
endtime
seqnum
connid

Event ID 27 — TCPv6: %2 bytes received from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: %2 bytes received from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 28 — TCPv6: Connection attempted between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: Connection attempted between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
mss
sackopt
tsopt
wsopt
rcvwin
rcvwinscale
sndwinscale
seqnum
connid

Event ID 29 — TCPv6: Connection closed between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: Connection closed between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 30 — TCPv6: %2 bytes retransmitted from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: %2 bytes retransmitted from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 31 — TCPv6: Connection established between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: Connection established between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
mss
sackopt
tsopt
wsopt
rcvwin
rcvwinscale
sndwinscale
seqnum
connid

Event ID 32 — TCPv6: Reconnect attempt between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: Reconnect attempt between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 34 — TCPv6: %2 bytes copied in protocol on behalf of user for connection between %4:%6 and %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

TCPv6: %2 bytes copied in protocol on behalf of user for connection between %4:%6 and %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 42 — UDPv4: %2 bytes transmitted from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

UDPv4: %2 bytes transmitted from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 43 — UDPv4: %2 bytes received from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

UDPv4: %2 bytes received from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 49 — UDPv4: Connection attempt failed with error code %2.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

UDPv4: Connection attempt failed with error code %2.

Fields

NameDescription
Proto
FailureCode

Event ID 58 — UDPv6: %2 bytes transmitted from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

UDPv6: %2 bytes transmitted from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid

Event ID 59 — UDPv6: %2 bytes received from %4:%6 to %3:%5.

Provider
Microsoft-Windows-Kernel-Network
Channel
Analytic

Message

UDPv6: %2 bytes received from %4:%6 to %3:%5.

Fields

NameDescription
PID
size
daddr
saddr
dport
sport
seqnum
connid