
reading log files in windows xp


3 replies to this topic

#1 nawin_g

  • Members
  • 39 posts

Posted 29 June 2005 - 09:20 AM

Hi,

I have installed Windows XP with Service Pack 2.

I am connected to a LAN with a few more systems.

I learnt that C:\windows\pfirewall.txt records all the logs, so I went and tried to read that.

I could follow a little bit, like whether the packet was dropped etc. and whether it's a TCP / UDP packet,

but I would like to know in what order the IP addresses are recorded.

Please explain it to me by taking one line as an example.

I am including a few lines from my pfirewall.txt:

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-06-29 19:37:09 CLOSE TCP 220.226.9.111 66.94.234.72 1628 80 - - - - - - - - -
2005-06-29 19:37:10 OPEN UDP 192.168.0.1 192.168.0.59 53 1539 - - - - - - - - -
2005-06-29 19:37:10 OPEN TCP 220.226.9.111 64.233.189.104 61742 443 - - - - - - - - -
2005-06-29 19:37:11 DROP TCP 220.226.19.213 220.226.9.111 3725 135 48 S 1215831297 0 16384 - - - RECEIVE
2005-06-29 19:37:11 OPEN TCP 220.226.9.111 203.197.24.210 61743 80 - - - - - - - - -
2005-06-29 19:37:11 DROP UDP 220.226.10.250 220.226.9.111 1032 137 78 - - - - - - - RECEIVE
2005-06-29 19:37:12 OPEN TCP 220.226.9.111 202.43.219.14 61744 80 - - - - - - - - -
2005-06-29 19:37:12 CLOSE TCP 220.226.9.111 216.239.57.19 61641 80 - - - - - - - - -
2005-06-29 19:37:12 CLOSE TCP 220.226.9.111 203.197.24.210 61723 80 - - - - - - - - -
2005-06-29 19:37:12 CLOSE UDP 220.226.9.111 202.138.96.2 1046 53 - - - - - - - - -


#2 Rimmer

  • Members
  • 2,159 posts
  • Location:near Sydney, Australia

Posted 29 June 2005 - 09:26 PM

> but I would like to know in what order the IP addresses are recorded.


That's what the "Fields" line is for...

date time action protocol src-ip dst-ip src-port dst-port


src-ip = the ip address of the source of the packet
dst-ip = the destination address of the packet.

hth :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.
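The reply above answers the question by pointing at the "#Fields:" header, and that is also how a parser should do it: read the column names from the header rather than hard-coding positions. The following Python script is an added example, not code from the thread or from Microsoft. It parses the Windows Firewall log format using the header, renders each line as the plain-English sentence the poster asked for, and summarises the blocked inbound packets by destination port. SAMPLE_LOG reproduces the excerpt from the first post; the script assumes every field is a single whitespace-free token, which holds for those lines, and keeps any line that does not match the header's column count in a separate list instead of dropping it.

```python
"""Parse the Windows Firewall log (pfirewall.txt, W3C extended log format).

Added example, not code from the thread. The column order is read from the
'#Fields:' header line rather than hard-coded, which is exactly how the
src-ip / dst-ip question in the thread is answered. SAMPLE_LOG reproduces the
excerpt the poster included; every field token is a single word, so splitting
on whitespace is safe for these lines.
"""
from collections import Counter

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-06-29 19:37:09 CLOSE TCP 220.226.9.111 66.94.234.72 1628 80 - - - - - - - - -
2005-06-29 19:37:10 OPEN UDP 192.168.0.1 192.168.0.59 53 1539 - - - - - - - - -
2005-06-29 19:37:10 OPEN TCP 220.226.9.111 64.233.189.104 61742 443 - - - - - - - - -
2005-06-29 19:37:11 DROP TCP 220.226.19.213 220.226.9.111 3725 135 48 S 1215831297 0 16384 - - - RECEIVE
2005-06-29 19:37:11 OPEN TCP 220.226.9.111 203.197.24.210 61743 80 - - - - - - - - -
2005-06-29 19:37:11 DROP UDP 220.226.10.250 220.226.9.111 1032 137 78 - - - - - - - RECEIVE
2005-06-29 19:37:12 OPEN TCP 220.226.9.111 202.43.219.14 61744 80 - - - - - - - - -
2005-06-29 19:37:12 CLOSE TCP 220.226.9.111 216.239.57.19 61641 80 - - - - - - - - -
2005-06-29 19:37:12 CLOSE TCP 220.226.9.111 203.197.24.210 61723 80 - - - - - - - - -
2005-06-29 19:37:12 CLOSE UDP 220.226.9.111 202.138.96.2 1046 53 - - - - - - - - -
"""


def parse_pfirewall(text):
    """Return (records, bad_lines).

    records   - one dict per data line, keyed by the names from '#Fields:';
                the '-' placeholder becomes None so 'missing' is unambiguous.
    bad_lines - data lines whose token count does not match the header
                (kept rather than silently dropped; a log line you cannot
                parse is still evidence).
    """
    fields = None
    records = []
    bad_lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives: #Version, #Software, #Time Format, #Fields.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line seen before the #Fields: header")
        tokens = line.split()
        if len(tokens) != len(fields):
            bad_lines.append(line)
            continue
        records.append({name: (None if tok == "-" else tok)
                        for name, tok in zip(fields, tokens)})
    return records, bad_lines


def describe(rec):
    """Render one record as the plain-English reading the thread asked for."""
    # The 'path' column is RECEIVE for inbound packets and SEND for outbound;
    # the OPEN/CLOSE connection-tracking lines in this excerpt leave it empty.
    direction = {"RECEIVE": "inbound", "SEND": "outbound"}.get(
        rec["path"], "direction not logged")
    text = (f"{rec['date']} {rec['time']} {rec['action']} {rec['protocol']} "
            f"from {rec['src-ip']}:{rec['src-port']} "
            f"to {rec['dst-ip']}:{rec['dst-port']} ({direction}")
    if rec["size"]:
        text += f", {rec['size']} bytes"
    if rec["tcpflags"]:
        text += f", flags {rec['tcpflags']}"
    return text + ")"


def inbound_drops_by_port(records):
    """Count blocked inbound packets per (protocol, dst-port).

    This is the summary worth looking at in a firewall log: which services
    other hosts keep knocking on.
    """
    counts = Counter()
    for rec in records:
        if rec["action"] == "DROP" and rec["path"] == "RECEIVE":
            counts[(rec["protocol"], rec["dst-port"])] += 1
    return counts


if __name__ == "__main__":
    recs, bad = parse_pfirewall(SAMPLE_LOG)
    for rec in recs:
        print(describe(rec))
    print("inbound drops by port:", dict(inbound_drops_by_port(recs)))
    print("unparseable lines:", len(bad))
```

Reading the excerpt through this parser makes the address order concrete: in the DROP lines, 220.226.9.111 is the dst-ip and the path is RECEIVE, so that is the local machine, and in every OPEN/CLOSE line the same address is the src-ip, so those are its own outbound connections. The only blocked traffic in the excerpt is inbound 135/tcp and 137/udp from two neighbouring 220.226.x.x hosts, which is the kind of entry the log is most useful for spotting.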

#3 nawin_g
  • Topic Starter
  • Members
  • 39 posts

Posted 30 June 2005 - 07:45 AM

Sorry, I didn't notice that. I was in a little bit of a haze.
Thanks for guiding me.

#4 Rimmer

  • Members
  • 2,159 posts
  • Location:near Sydney, Australia

Posted 30 June 2005 - 06:12 PM

No worries! :thumbsup:
