Does anyone know where one can get detailed documentation about the W2003
Firewall, especially with regard to the flags? For example, in the log
entry below, I would like to be able to decode tcpflags, tcpsyn, tcpack,
and tcpwin.
Further, I do understand why the firewall drops so many packets that appear
to be at the end of a session? Besides appearing to be unnecessary, they
also add a lot of noise to the log when trying to examine them for more
important drops.
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-01-04 09:00:28 DROP TCP 216.86.167.206 192.168.1.95 443 2894 40 R 23975594 0 0 - - - RECEIVE
2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055857 58400 - - - RECEIVE
2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055858 58400 - - - RECEIVE
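As an added example (not part of the post above), a small parser for this log format that decodes the four TCP columns and tags header-only FIN/ACK and RST drops as session-teardown noise. It assumes the documented column meanings: tcpflags is a string of letters A/F/P/R/S/U, tcpsyn and tcpack are the TCP sequence and acknowledgement numbers, tcpwin is the window size, and size is the IP datagram length in bytes.

```python
"""Parser for the Windows Server 2003 firewall log (W3C-style '#Fields:' header).
Added example; field meanings are the documented ones, assumed here:
tcpflags letters A/F/P/R/S/U, tcpsyn = sequence number, tcpack = ack number,
tcpwin = window size, size = IP datagram length in bytes."""

# Constructed sample: the header and the three entries quoted in the post.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-01-04 09:00:28 DROP TCP 216.86.167.206 192.168.1.95 443 2894 40 R 23975594 0 0 - - - RECEIVE
2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055857 58400 - - - RECEIVE
2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055858 58400 - - - RECEIVE
"""

FLAG_NAMES = {"A": "ACK", "F": "FIN", "P": "PSH", "R": "RST", "S": "SYN", "U": "URG"}


def parse_log(text):
    """Yield one dict per entry, keyed by the names from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the keyword
            continue
        if not line or line.startswith("#") or fields is None:
            continue                       # other directives / no header yet
        values = line.split()
        if len(values) != len(fields):
            continue                       # wrapped or truncated line, skip it
        entry = dict(zip(fields, values))
        if entry["protocol"] == "TCP":
            entry["flags"] = [FLAG_NAMES.get(c, c) for c in entry["tcpflags"] if c != "-"]
            for key in ("tcpsyn", "tcpack", "tcpwin"):
                entry[key] = None if entry[key] == "-" else int(entry[key])
        yield entry


def is_session_teardown(entry):
    """True for a dropped TCP segment carrying only a FIN/ACK or RST and no
    payload (40 bytes = bare IPv4 + TCP headers): the late close-down traffic
    the post describes, which arrives after the local side has discarded the
    connection state and is worth separating from drops that need attention."""
    if entry.get("protocol") != "TCP" or entry.get("action") != "DROP":
        return False
    flags = set(entry.get("flags", []))
    return int(entry["size"]) == 40 and ("RST" in flags or flags == {"FIN", "ACK"})


def summarize(text):
    """Return (teardown_drops, other_entries) so the noise can be measured."""
    teardown = other = 0
    for entry in parse_log(text):
        if is_session_teardown(entry):
            teardown += 1
        else:
            other += 1
    return teardown, other
```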