Winsock Tracing
Applies To: Windows Server 2008
Winsock does not log events unless Event Tracing for Windows (ETW) is enabled for Microsoft-Windows-Winsock-AFD, which is disabled by default. After ETW is enabled, an event is logged whenever a Winsock-based application uses one of the core Winsock operations, such as creating a socket.
To verify that tracing for Winsock is enabled:
- To start tracing, at the command prompt, type logman start winsocktrace -p Microsoft-Windows-Winsock-AFD –o winsocktrace.etl –ets.
- To stop tracing, type logman stop winsocktrace -ets.
- To view the report in XML format, type tracerpt winsocktrace.etl -y -o winsocktracelog.xml -of xml.
Note: Alternatively, tracing can be enabled or disabled by using Event Viewer.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-Winsock-WS2HELP |
Socket creation: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket bind: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket bind: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket connect: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket connect: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Connect completed: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
AFD initiated abort: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Transport initiated abort: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Failed send request: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Failed WSASendMsg request: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Failed recv request: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Failed recvfrom request: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket close: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket cleanup (all references removed): %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket accept: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket accept: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Accept failed: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Send posted: %1 %2 %3 %4 %5 %6 | |
Microsoft-Windows-Winsock-WS2HELP |
Receive posted: %1 %2 %3 %4 %5 %6 | |
Microsoft-Windows-Winsock-WS2HELP |
RecvFrom posted: %1 %2 %3 %4 %5 %6 | |
Microsoft-Windows-Winsock-WS2HELP |
SendTo posted: %1 %2 %3 %4 %5 %6 %7 %8 | |
Microsoft-Windows-Winsock-WS2HELP |
SendTo posted: %1 %2 %3 %4 %5 %6 %7 %8 | |
Microsoft-Windows-Winsock-WS2HELP |
Recv completed: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Send completed: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
SendMsg completed: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
RecvFrom completed: %1 %2 %3 %4 %5 %6 %7 | |
Microsoft-Windows-Winsock-WS2HELP |
RecvFrom completed: %1 %2 %3 %4 %5 %6 %7 | |
Microsoft-Windows-Winsock-WS2HELP |
SendTo completed: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Socket option set: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Select/Poll posted: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Select/Poll completed: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
WSAEventSelect: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Datagram dropped: %1 %2 %3 %4 %5 %6 | |
Microsoft-Windows-Winsock-WS2HELP |
Datagram dropped: %1 %2 %3 %4 %5 %6 | |
Microsoft-Windows-Winsock-WS2HELP |
Connection indicated: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Connection indicated: %1 %2 %3 %4 | |
Microsoft-Windows-Winsock-WS2HELP |
Data indicated from transport: %1 %2 %3 | |
Microsoft-Windows-Winsock-WS2HELP |
Data indicated from transport: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Data indicated from transport: %1 %2 %3 %4 %5 | |
Microsoft-Windows-Winsock-WS2HELP |
Failed bind: %1 %2 %3 |