Event ID - 3223

Event Id: 3223
Source: EventTracker
Description: Socket CREATED:
      Type: TCP
      Status: New
      Local Address: <Local address>
      Local Port: <Port number >
      Remote Address: <Remote Address>
      Remote Port: <Remote Port number >
      Connection State: <Connection state>
      Process ID:<Process ID>
      Process Name: <Process name>
      Image File Name: <Full path of the file name>
     
Event Information
Cause:
The event is logged by EventTracker as part of the Network Connection Monitoring feature, where every new TCP or UDP connection can be logged as an event. This event specifies that a new TCP-based connection has been established to the port mentioned. It also identifies the process that created the connection.
Resolution:
This event is logged as an Information event when the EventTracker Agent is configured to monitor all network traffic (NCM).
Verify the process name, file path, port number, and source and destination addresses of the connection.

This event is logged as a Warning event when the EventTracker Agent is configured to monitor suspicious network traffic (SNAM) and the process name, local port and remote port are not available in the trusted list.

Verify the process name, file path, port number, and source and destination addresses of the connection. This event indicates an unusual connection between source and destination, which can be a worm or trojan. If this is a trusted connection, add it to the trusted list; otherwise remove the process and block the port in the firewall.

EventTracker provides users with an option to monitor all new connections, changes to existing connections and termination of existing connections. The description of this event contains:

- The Type of Connection, i.e. TCP

- Details of the system on which the new connection was created, i.e. Local IP Address and Port Number

- Details of the system that initiated the new connection, i.e. Remote IP Address and Port Number

- Details about the state of the connection

- Details of the local process that is providing this connection.
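
An added example, not part of the EventTracker documentation: a Python sketch that parses the description layout shown above and applies the SNAM rule (Warning when the process name, local port and remote port are not in the trusted list). The sample event, the `TRUSTED` entries, the tuple shape of the trusted list and the "Trusted" label are assumptions made for illustration.

```python
# Constructed sample in the layout of the Event ID 3223 description (not real log data).
SAMPLE = """Socket CREATED:
      Type: TCP
      Status: New
      Local Address: 192.0.2.10
      Local Port: 49733
      Remote Address: 198.51.100.7
      Remote Port: 8081
      Connection State: ESTABLISHED
      Process ID:3184
      Process Name: updater.exe
      Image File Name: C:\\Users\\Public\\updater.exe
"""

INT_FIELDS = {"Local Port", "Remote Port", "Process ID"}

def parse_socket_event(description):
    """Split a 'Socket CREATED' description into a dict keyed by field label."""
    lines = description.strip().splitlines()
    if not lines or not lines[0].strip().startswith("Socket CREATED"):
        raise ValueError("not an Event ID 3223 description")
    event = {}
    for line in lines[1:]:
        label, sep, value = line.partition(":")  # first colon only, so C:\ paths survive
        if sep:
            label, value = label.strip(), value.strip()
            event[label] = int(value) if label in INT_FIELDS and value.isdigit() else value
    return event

def is_trusted(event, trusted):
    """Assumed list shape: (process name, local port, remote port); None matches any port."""
    name = str(event.get("Process Name", "")).lower()
    return any(
        t_name.lower() == name
        and t_local in (None, event.get("Local Port"))
        and t_remote in (None, event.get("Remote Port"))
        for t_name, t_local, t_remote in trusted
    )

def triage(description, trusted):
    """Return (severity, fields to verify) following the SNAM rule on this page."""
    event = parse_socket_event(description)
    if is_trusted(event, trusted):
        return "Trusted", {}
    keys = ("Process Name", "Image File Name", "Local Port", "Remote Port",
            "Local Address", "Remote Address")
    return "Warning", {k: event.get(k) for k in keys}

TRUSTED = [("chrome.exe", None, 443), ("updater.exe", None, 443)]  # hypothetical entries
```

With these entries, `triage(SAMPLE, TRUSTED)` returns a Warning because `updater.exe` is trusted only for remote port 443, and the returned fields are the ones the Resolution section says to verify.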



Related Events:
Event ID: 3224, Event Source: EventTracker
Event ID: 3225, Event Source: EventTracker