01-25-2008, 09:34 AM   #3
SpenceQ
Newb Techie
 
Join Date: Nov 2007
Posts: 23
Re: How to Read MS "pFirewall.txt" file, and IP deciphering

Quote:
Originally Posted by Osiris
post the log up and let's take a look
I'm posting a portion of the first page, as most of the key words are repeated
throughout the file, which is lengthy. OP is WXP Pro, SP 2

What I'm looking for is who is using my connectivity while I've set no permissions to update. My send/receive goes nuts on occasion and I can't detect who's uploading or downloading.

Exceptions Settings:

File printer Sharing - off
Remote assistance - on
Remote Desktop - off
UPnP Framework - on

"Log dropped packets is - enabled"
"Log successful connections is - disabled"

When "my secret friend" is down/uploading, TaskManager Shows High activity in:

Firefox.exe, svchost.exe, and csrss.exe

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-01-23 13:33:33 DROP UDP 202.97.238.200 216.209.139.45 43962 1026 485 - - - - - - - RECEIVE
2008-01-23 13:34:01 DROP UDP 218.10.137.139 216.209.139.45 47201 1027 485 - - - - - - - RECEIVE
2008-01-23 13:34:43 DROP TCP 216.209.168.73 216.209.139.45 43749 135 52 S 1639133699 0 60352 - - - RECEIVE
2008-01-23 13:35:30 DROP UDP 202.97.238.200 216.209.139.45 44721 1027 485 - - - - - - - RECEIVE
2008-01-23 13:35:30 DROP TCP 209.132.213.151 216.209.139.45 80 1072 40 A 3922545633 4169477860 64989 - - - RECEIVE
2008-01-23 13:35:30 DROP TCP 209.132.213.151 216.209.139.45 80 1072 40 FA 3922545633 4169477860 64989 - - - RECEIVE
2008-01-23 13:35:32 DROP UDP 221.208.208.101 216.209.139.45 45557 1026 486 - - - - - - - RECEIVE
2008-01-23 13:35:42 DROP TCP 209.132.213.151 216.209.139.45 80 1071 1500 A 583959127 3234938155 64367 - - - RECEIVE
2008-01-23 13:35:42 DROP TCP 209.132.213.151 216.209.139.45 80 1071 628 AP 583960587 3234938155 64367 - - - RECEIVE
2008-01-23 13:35:42 DROP TCP 209.132.213.151 216.209.139.45 80 1071 1500 A 583961175 3234938155 64367 - - - RECEIVE
2008-01-23 13:35:42 DROP TCP 209.132.213.151 216.209.139.45 80 1071 628 AP 583962635 3234938155 64367 - - - RECEIVE
2008-01-23 13:35:43 DROP TCP 209.132.213.151 216.209.139.45 80 1071 1500 A 583963223 3234938155 64367 - - - RECEIVE
2008-01-23 13:35:43 DROP TCP 209.132.213.151 216.209.139.45 80 1071 628 AP 583964683 3234938155 64367 - - - RECEIVE
2008-01-23 13:35:43 DROP TCP 209.132.213.151 216.209.139.45 80 1071 1500 A 583965271 3234938156 64367 - - - RECEIVE
2008-01-23 13:35:51 DROP TCP 209.132.213.151 216.209.139.45 80 1074 40 A 2585199913 384599677 64977 - - - RECEIVE
2008-01-23 13:35:51 DROP TCP 209.132.213.151 216.209.139.45 80 1074 40 FA 2585199913 384599677 64977 - - - RECEIVE
2008-01-23 13:36:00 DROP TCP 209.132.213.151 216.209.139.45 80 1073 1500 A 1630649412 3285033617 64351 - - - RECEIVE
2008-01-23 13:36:00 DROP TCP 209.132.213.151 216.209.139.45 80 1073 628 AP 1630650872 3285033617 64351 - - - RECEIVE
2008-01-23 13:36:00 DROP TCP 209.132.213.151 216.209.139.45 80 1073 1500 A 1630651460 3285033617 64351 - - - RECEIVE
2008-01-23 13:36:00 DROP TCP 209.132.213.151 216.209.139.45 80 1073 628 AP 1630652920 3285033617 64351 - - - RECEIVE
2008-01-23 13:36:01 DROP TCP 209.132.213.151 216.209.139.45 80 1073 1500 A 1630653508 3285033617 64351 - - - RECEIVE
2008-01-23 13:36:01 DROP TCP 209.132.213.151 216.209.139.45 80 1073 628 AP 1630654968 3285033617 64351 - - - RECEIVE
2008-01-23 13:36:01 DROP TCP 209.132.213.151 216.209.139.45 80 1073 1500 A 1630655556 3285033618 64351 - - - RECEIVE
2008-01-23 13:36:21 DROP TCP 209.226.111.88 216.209.139.45 58522 135 52 S 583940736

Thanks for the help

Spence

Last edited by SpenceQ; 01-25-2008 at 09:36 AM.
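A small Python reader for this log format, added here as an example (it is not from the thread or from Microsoft): it takes the column names from the `#Fields:` header, copies a few of the lines above as sample input, and tags each DROP with a plain-language reading. The readings are common-pattern heuristics written for this example, not an official classification.

```python
# Added example: parse Windows Firewall (pfirewall) entries using the
# "#Fields:" header and summarise what the DROP lines mean. Sample lines are
# copied from the post above; the interpretation rules are heuristics.
from collections import Counter

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-01-23 13:33:33 DROP UDP 202.97.238.200 216.209.139.45 43962 1026 485 - - - - - - - RECEIVE
2008-01-23 13:34:43 DROP TCP 216.209.168.73 216.209.139.45 43749 135 52 S 1639133699 0 60352 - - - RECEIVE
2008-01-23 13:35:30 DROP TCP 209.132.213.151 216.209.139.45 80 1072 40 FA 3922545633 4169477860 64989 - - - RECEIVE
"""

def parse_pfirewall(text):
    """Return one dict per record; column names come from the #Fields line."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # drop the "#Fields:" token itself
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # A truncated trailing line (like the last one in the post) is padded
            values += ["-"] * (len(fields) - len(values))
            records.append(dict(zip(fields, values)))
    return records

def explain(rec):
    """Heuristic reading of a single DROP/RECEIVE record."""
    proto, sport, dport, flags = rec["protocol"], rec["src-port"], rec["dst-port"], rec["tcpflags"]
    if proto == "TCP" and dport == "135" and flags == "S":
        return "unsolicited SYN to RPC (135): blocked probe, not your traffic"
    if proto == "UDP" and dport in ("1026", "1027"):
        return "unsolicited UDP to 1026/1027: blocked Messenger-popup spam"
    if proto == "TCP" and sport == "80" and "A" in flags:
        return "late packet from a web server to an already-closed browser connection"
    return "blocked inbound packet"

def summarize(records):
    """Count dropped inbound packets by source address and by interpretation."""
    drops = [r for r in records if r["action"] == "DROP"]
    return Counter(r["src-ip"] for r in drops), Counter(explain(r) for r in drops)

if __name__ == "__main__":
    by_src, by_reason = summarize(parse_pfirewall(SAMPLE_LOG))
    for key, n in list(by_src.most_common()) + list(by_reason.most_common()):
        print(f"{n:4d}  {key}")
```

Every line in this log is an inbound packet the firewall already discarded (path RECEIVE, action DROP). With "Log successful connections" disabled, the file cannot show which local program is sending or receiving, so it will not answer the bandwidth question on its own.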