Reading pfirewall log from SP2 FW


Markk

I'm looking over the pfirewall log file from the SP2 firewall, but do not
know what all the columns are. Are there any documents, guides, or
help screens in MS's web site or on XP that discuss what the different
columns mean?

MarkK
 
In case it's not clear:

Date
Time
Action
Protocol
Source IP Address
Destination IP Address
Source Port
Destination Port
Size (in bytes, I imagine)
TCP Flags
TCP SYN (sequence)
TCP ACK (sequence)
TCP Window Size
ICMP Type
ICMP Code
Info
Path

The dashes indicate that there is no data for the specific field. For
further info on what all the fields mean, you may need to refer to a book on
TCP/IP or look for help online.
 
Markk said:
I'm looking over the pfirewall log file from the SP2 firewall, but do not
know what all the columns are. Are there any documents, guides, or
help screens in MS's web site or on XP that discuss what the different
columns mean?
Hi

Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875357

A much more detailed version:

Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/...46-131d-4617-bf68-f0532d8db131&DisplayLang=en
 
Regarding the ACTION part of this log.

Hello, I wanted to know which party actually initiates the ACTION part of the logs. For instance, consider the line below:


2009-02-24 17:59:17 DROP TCP 219.232.241.91 192.168.1.11 53 1030 44 SA 2753332707 3917350020 5840 - - - RECEIVE


This is a line from pfirewall.log from my laptop, which is suffering from an unavailable TCP/IP connection with an Orange Livebox ADSL router. I have been fighting with this for weeks. I'm trying to determine whether it's my WinXP SP2 that needs fixing/reinstalling or whether it's the router that's systematically dropping TCP/UDP/FTP packets while my PC gains connectivity without any problem.


Please clarify.

Regards,
Didier
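
Added example, not part of the original posts: a small Python parser that applies the column order listed earlier in the thread to the log line quoted above, turning dashes into empty values and expanding the TCP flag letters. The dictionary keys, the function names and every sample line except the quoted one are constructed for illustration.

```python
# Added example (not code from the thread): parse pfirewall.log entries using
# the 17-column order listed above. Dict keys are names chosen for this sketch.
from collections import Counter

FIELDS = ["date", "time", "action", "protocol", "src_ip", "dst_ip",
          "src_port", "dst_port", "size", "tcp_flags", "tcp_syn", "tcp_ack",
          "tcp_win", "icmp_type", "icmp_code", "info", "path"]
INT_FIELDS = {"src_port", "dst_port", "size", "tcp_syn", "tcp_ack",
              "tcp_win", "icmp_type", "icmp_code"}
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST",
              "P": "PSH", "U": "URG"}

def parse_line(line):
    """Return one entry as a dict, or None for blank and '#' comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}")
    entry = {}
    for name, raw in zip(FIELDS, parts):
        if raw == "-":  # a dash means "no data for this field"
            entry[name] = None
        else:
            entry[name] = int(raw) if name in INT_FIELDS else raw
    # Expand the flag letters, e.g. "SA" -> ["SYN", "ACK"]
    entry["tcp_flag_names"] = [FLAG_NAMES.get(c, c) for c in entry["tcp_flags"] or ""]
    return entry

def dropped_by_source(lines):
    """Count DROP entries per (source IP, source port, protocol)."""
    counts = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and entry["action"] == "DROP":
            counts[(entry["src_ip"], entry["src_port"], entry["protocol"])] += 1
    return counts

# The first entry is the line quoted in the thread; the rest are constructed.
SAMPLE = """\
# constructed sample data
2009-02-24 17:59:17 DROP TCP 219.232.241.91 192.168.1.11 53 1030 44 SA 2753332707 3917350020 5840 - - - RECEIVE
2009-02-24 17:59:20 DROP TCP 219.232.241.91 192.168.1.11 53 1030 44 SA 2753332707 3917350020 5840 - - - RECEIVE
2009-02-24 17:59:21 DROP ICMP 192.0.2.7 192.168.1.11 - - 60 - - - - 8 0 - RECEIVE
2009-02-24 17:59:25 OPEN UDP 192.168.1.11 192.0.2.53 1031 53 - - - - - - - - -
""".splitlines()

if __name__ == "__main__":
    print(parse_line(SAMPLE[1]))
    for key, n in dropped_by_source(SAMPLE).most_common():
        print(n, key)
```

Grouping the DROP entries by source shows at a glance whether the drops come from one remote endpoint or many.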
 
