Firewall Flags

Discussion in 'Windows Networking' started by MikeV06, Jan 4, 2006.

  1. MikeV06

    MikeV06 Guest

    Does anyone know where one can get detailed documentation about the W2003
    Firewall, especially with regard to the flags? For example, in the log
    entry below, I would like to be able to decode tcpflags, tcpsyn, tcpack,
    and tcpwin.

    Further, I do understand why the firewall drops so many packets that appear
    to be at the end of a session? Besides appearing to be unnecessary, they
    also add a lot of noise to the log when trying to examine them for more
    important drops.

    #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
    2006-01-04 09:00:28 DROP TCP 216.86.167.206 192.168.1.95 443 2894 40 R 23975594 0 0 - - - RECEIVE
    2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055857 58400 - - - RECEIVE
    2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055858 58400 - - - RECEIVE
     
    MikeV06, Jan 4, 2006
    #1
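
The fields asked about in the post above, decoded in an added example that is not part of the original thread: in this log format tcpflags holds one letter per set TCP control flag, tcpsyn is the TCP sequence number, tcpack the acknowledgment number, and tcpwin the window size. The function names are hypothetical, and the sample input is the post's own entries joined onto single lines.

```python
# Added example: parse Windows Firewall log lines and decode the TCP fields.
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

# Constructed sample: header and entries from the post, unwrapped onto single lines.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-01-04 09:00:28 DROP TCP 216.86.167.206 192.168.1.95 443 2894 40 R 23975594 0 0 - - - RECEIVE
2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055857 58400 - - - RECEIVE
2006-01-04 09:01:17 DROP TCP 216.86.167.206 192.168.1.95 443 2905 40 FA 1447692800 4249055858 58400 - - - RECEIVE
"""

def parse_log(text):
    """Yield one dict per entry, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or wrapped lines
                yield dict(zip(fields, values))

def decode_tcp(entry):
    """Return readable TCP details, or None for non-TCP entries."""
    if entry.get("protocol") != "TCP":
        return None
    num = lambda v: None if v == "-" else int(v)
    raw = entry["tcpflags"]
    return {
        "flags": [] if raw == "-" else [FLAG_NAMES.get(c, c) for c in raw],
        "seq": num(entry["tcpsyn"]),     # sequence number
        "ack": num(entry["tcpack"]),     # acknowledgment number
        "window": num(entry["tcpwin"]),  # window size in bytes
    }

def is_teardown_drop(entry):
    """True for dropped TCP packets with RST or FIN and no SYN (end-of-session noise)."""
    tcp = decode_tcp(entry)
    if tcp is None or entry["action"] != "DROP":
        return False
    return "SYN" not in tcp["flags"] and bool({"RST", "FIN"} & set(tcp["flags"]))

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        tag = "teardown" if is_teardown_drop(e) else "review"
        print(e["time"], e["src-ip"], decode_tcp(e), tag)
```

Filtering on `is_teardown_drop` separates late RST and FIN/ACK drops from the entries that still need review, which addresses the log-noise problem the post describes.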