



    Date: 24.03.2021

    Windows Firewall Logging File


    To determine whether a specific computer is dropping packets, enable Windows Firewall logging, either on an individual computer or through Group Policy settings. Then, check the Windows Firewall log file for entries that correspond to the suspected traffic.

    The Pfirewall.log file, stored by default in your main Windows folder, records either discarded incoming requests or successful connections, depending on the Security Logging settings on the Advanced tab of the Windows Firewall component of Control Panel or on the Windows Firewall: Allow logging Group Policy setting. You can use the contents of the Pfirewall.log file to determine whether traffic is reaching the computer on which Windows Firewall is enabled, without having to create an exception or enable ICMP traffic.

    For example, when you select the Log dropped packets check box, all incoming traffic that is discarded by the firewall is logged in the Pfirewall.log file. You can view this file by double-clicking it in your main Windows folder with Windows Explorer. Use the contents of the log file to determine whether traffic reached your computer and was discarded by Windows Firewall.

    Here is an example of the contents of the Pfirewall.log file:

    #Version: 1.5
    #Software: Microsoft Windows Firewall
    #Time Format: Local
    #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

    2004-07-08 15:22:30 DROP UDP 159.60.137.221 255.255.255.255 3134 712 88 - - - - - - - RECEIVE
    2004-07-08 15:22:31 DROP UDP 159.60.138.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE
    2004-07-08 15:22:34 DROP UDP 159.60.138.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE
    2004-07-08 15:22:35 DROP UDP 159.60.138.134 239.255.255.250 3507 1900 161 - - - - - - - RECEIVE
    2004-07-08 15:22:37 DROP UDP 159.60.138.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE
    2004-07-08 15:22:37 DROP UDP 159.60.136.211 239.255.255.250 4274 1900 161 - - - - - - - RECEIVE
    2004-07-08 15:22:38 DROP UDP 159.60.138.134 239.255.255.250 3507 1900 161 - - - - - - - RECEIVE
    2004-07-08 15:22:38 DROP UDP 192.168.0.1 239.255.255.250 1900 1900 280 - - - - - - - RECEIVE

    You can also use the contents of the Pfirewall.log file to determine whether a malicious Internet user has scanned your computer.
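
One way to review the log for scanning, as an added example that is not part of the original document: the script reads the `#Fields` header, keeps only DROP entries, and reports any source address that was dropped on several distinct destination ports. The function names, the threshold of four ports and the sample entries are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample in the Pfirewall.log layout (documentation addresses, not real
# traffic): SSDP multicast noise, one source probing five TCP ports, one OPEN entry.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2004-07-08 15:22:37 DROP UDP 192.0.2.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE
2004-07-08 15:22:38 DROP UDP 192.0.2.21 239.255.255.250 3289 1900 161 - - - - - - - RECEIVE
2004-07-08 15:23:01 DROP TCP 198.51.100.7 192.0.2.10 4101 21 48 S 1200 0 16384 - - - RECEIVE
2004-07-08 15:23:01 DROP TCP 198.51.100.7 192.0.2.10 4102 23 48 S 1201 0 16384 - - - RECEIVE
2004-07-08 15:23:02 DROP TCP 198.51.100.7 192.0.2.10 4103 80 48 S 1202 0 16384 - - - RECEIVE
2004-07-08 15:23:02 DROP TCP 198.51.100.7 192.0.2.10 4104 135 48 S 1203 0 16384 - - - RECEIVE
2004-07-08 15:23:03 DROP TCP 198.51.100.7 192.0.2.10 4105 445 48 S 1204 0 16384 - - - RECEIVE
2004-07-08 15:23:10 OPEN TCP 192.0.2.10 203.0.113.5 1055 80 - - - - - - - - -
"""


def parse_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def scan_suspects(entries, min_ports=4):
    """Return {src-ip: sorted ports} for sources dropped on >= min_ports distinct ports."""
    ports = defaultdict(set)
    for e in entries:
        if e["action"] == "DROP" and e["dst-port"].isdigit():  # ICMP rows carry "-"
            ports[e["src-ip"]].add(int(e["dst-port"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, p in scan_suspects(parse_log(SAMPLE_LOG)).items():
        print(f"{src} was dropped on {len(p)} distinct ports: {p}")
```

Repeated drops to a single port, such as the UDP 1900 multicast entries in the sample above, stay below the threshold and are not reported.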

