detection.wiki

Microsoft-Windows-Winsock-Sockets

16 events across 1 channel

Event IDTitleChannel
1Operational
2Operational
3Operational
4Operational
5Operational
6Operational
7Operational
8Operational
9Operational
10Operational
11Operational
12Operational
13Operational
14Operational
15Operational
16Operational

Event ID 1 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockCreate
Opcode
Start

Event ID 2 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockCreate
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
AddressFamily UInt32
SocketType UInt32
Protocol UInt32
Known values
0
HOPOPT
1
ICMP
2
IGMP
6
TCP
17
UDP
41
IPv6
43
IPv6-Route
44
IPv6-Frag
47
GRE
50
ESP
51
AH
58
ICMPv6
89
OSPF
103
PIM
132
SCTP
ProcessId UInt32
FailurePoint HexInt32

Event ID 3 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockClose
Opcode
Start

Event ID 4 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockClose
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
IsProviderSocket Boolean
FailurePoint HexInt32

Event ID 5 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockAccept
Opcode
Start

Event ID 6 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockAccept
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
SocketAccepted Pointer
SocketListening Pointer
ProcessId UInt32
FailurePoint HexInt32

Event ID 7 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockSetOpt
Opcode
Start

Event ID 8 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockSetOpt
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
Level Int32
OptName Int32
OptLen UInt32
OptVal Binary
FailurePoint HexInt32

Event ID 9 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockConnect
Opcode
Start

Event ID 10 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockConnect
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
AddressLength UInt32
Address Binary
FailurePoint HexInt32

Event ID 11 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockBind
Opcode
Start

Event ID 12 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockBind
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
AddressLength UInt32
Address Binary
FailurePoint HexInt32

Event ID 13 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockGetOpt
Opcode
Start

Event ID 14 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockGetOpt
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
Level Int32
OptName Int32
OptLen UInt32
OptVal Binary
FailurePoint HexInt32

Event ID 15 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockListen
Opcode
Start

Event ID 16 —

Provider
Microsoft-Windows-Winsock-Sockets
Channel
Operational
Task
SockListen
Opcode
Stop

Fields #

NameDescription
ErrorCode HexInt32
Socket Pointer
Backlog Int32
FailurePoint HexInt32