Who's There? Firewall Advisor
User's Guide

Appendices

Notes on installation

The installation procedure described in Getting Started will not work if your browser is set not to open downloaded files automatically. In this case, use the instructions below.

If you wish to keep the DoorStop installer for possible future use, drag it out of the trash to an appropriate location on your drive and follow the instructions below.

To use the installer, double-click it; a disk image is created and mounted on your desktop. Close the disk image's window, select the mounted disk image, and press Cmd-D (the Finder's Duplicate command under the File menu). A folder containing the contents of the disk image is created. You can then unmount the disk image and copy the folder to the Applications folder.

 

TCP & UDP Port Numbers of commonly used Macintosh services (6, Port Numbers)

For the latest information on port numbers, see the list on our Web site.

 

Log file format (12, Features)

Apr 22 16:28:08 iMac ipfw: 58 Deny TCP 192.168.1.101:54394 192.168.1.102:23 in via en0
Apr 22 16:28:09 iMac ipfw: 64001 Accept UDP 192.168.1.101:50147 239.255.255.253:548 in via en0

 

Sample Log Lines

Field                 First sample line     Second sample line
date                  Apr 22                Apr 22
time                  16:28:08              16:28:09
machine name          iMac                  iMac
ipfw                  ipfw:                 ipfw:
rule #                58                    64001
result                Deny                  Accept
protocol              TCP                   UDP
source address:port   192.168.1.101:54394   192.168.1.101:50147
dest address:port     192.168.1.102:23      239.255.255.253:548
direction             in                    in
interface             via en0               via en0

Note that DoorStop X 1.1 and later write a special line at the beginning of every new log file. This line contains the year of the date on which the log file was created, and may be used by future versions of Who's There?

 

Reading the log file

DoorStop's log file may contain information useful in spotting potential security violations, although log files also tend to be large and difficult to read. The simplest way to analyze a log file for patterns that may indicate suspicious activity is to use a firewall log analysis tool, like Open Door's Who's There? Firewall Advisor. Who's There? reads in the entire log file, and summarizes its contents in ways that make it easy to identify patterns in the access attempts made to your machine.
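
As an added example (not part of the original guide and not code from Who's There? or DoorStop), the following Python code parses lines in the layout shown under Log file format and counts denied attempts per source address, protocol and destination port. It assumes the machine name contains no spaces; lines in any other layout, such as the special year line, are counted as skipped rather than guessed at, and the sample lines beyond the two from this page are constructed.

```python
import re
from collections import Counter

# Layout taken from the "Log file format" section above.
# Assumption: the machine name contains no spaces.
LOG_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<machine>\S+) ipfw: "
    r"(?P<rule>\d+) (?P<result>\w+) (?P<protocol>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<interface>\S+)$"
)

# The first two lines are from this page; the rest are constructed for the example.
SAMPLE = """\
Apr 22 16:28:08 iMac ipfw: 58 Deny TCP 192.168.1.101:54394 192.168.1.102:23 in via en0
Apr 22 16:28:09 iMac ipfw: 64001 Accept UDP 192.168.1.101:50147 239.255.255.253:548 in via en0
Apr 22 16:28:11 iMac ipfw: 58 Deny TCP 192.168.1.101:54395 192.168.1.102:23 in via en0
Apr 22 16:28:15 iMac ipfw: 58 Deny TCP 192.168.1.77:40112 192.168.1.102:80 in via en0
(a line in some other layout)
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if the layout differs."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Count results, denied (source, protocol, dest port) triples, and skipped lines."""
    denied, results, skipped = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue                      # blank lines are not log entries
        rec = parse_line(line)
        if rec is None:
            skipped += 1                  # unknown layout: report it, do not guess
            continue
        results[rec["result"]] += 1
        if rec["result"] == "Deny":
            denied[(rec["src"], rec["protocol"], rec["dport"])] += 1
    return denied, results, skipped

if __name__ == "__main__":
    denied, results, skipped = summarize(SAMPLE.splitlines())
    for (src, proto, dport), n in denied.most_common():
        print(f"{n:4d} denied  {src} -> {proto} port {dport}")
    print(dict(results), "skipped:", skipped)
```
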

