The Packet Log captures every packet of data that enters or leaves a port on your computer. The Packet Log is disabled by default in the Personal Firewall because of its potentially large size.
To enable the Packet Log, open the Options window by selecting Options... from the Tools menu. Click on the Log tab and click the check box next to the text Enable Packet Log. Then click Apply. If you do not have an Options window, the Packet Log is not available for your Personal Firewall.
To view the Packet Log on the Personal Firewall:
Click the down-arrow near the Logs icon on the toolbar, and then choose Packet Log...
OR
Click Tools|Logs|Packet Log...
OR
Right-click the Tool Bar icon, and then click Logs|Packet Log...
You can also click the down-arrow next to the Logs icon to choose a different log. The most recently viewed log appears by default, but you can choose any of the logs to view.
From the View list, select Local View (the default setting) or Source View. This setting controls how local and remote IP addresses and ports are displayed.
If you select Local View from the View list, then Remote Host, Remote Port, Local Host, and Local Port information appear. The Remote Host and Remote Port always represent the IP address and port of the attempted attacker whereas Local Host address and Local Port always represent your IP address and your port. Your system is always considered the Local system.
If you select Source View from the View list, then Remote Host, Remote Port, Local Host and Local Port information no longer appear. Instead, Source Host, Source Port, Destination Host, and Destination Port appear.
If someone sends a message or attacks your system, then the originator's IP address and port are listed in the Source Host and Source Port columns, whereas your IP address and your port are listed in the Destination Host and Destination Port columns because you are the recipient.
If you send a message or attack someone else's system, then your IP address and port are listed in the Source Host and Source Port columns, whereas the recipient's IP address and port are listed in the Destination Host and Destination Port columns.
Click a different log name if you wish to view a different log.
Click Refresh or press F5 to update the log that you are viewing.
Icons for the Packet Log
There is only one icon displayed in the Packet Log. It indicates the capturing of raw data packets.
Icon | Description
[icon] | Full data packet captured
Firewall Packet Log Parameters and Description
Each row represents a logged event, and the columns display information regarding the event. The columns are:
Name of Parameter | Description
Time | The exact date and time that the packet was logged
Remote Host | Name of the remote computer (only appears in Local View - this is the default)
Remote Port | Port on the remote host that sent/received the traffic (only appears in Local View - this is the default)
Local Host | IP Address of the local computer (only appears in Local View - this is the default)
Local Port | Port used on the Personal Firewall computer for this packet (only appears in Local View - this is the default)
Source Host | Name of the source computer (only appears in Source View)
Source Port | Port on the source host that sent/received the traffic (only appears in Source View)
Destination Host | IP Address of the destination computer (only appears in Source View)
Destination Port | Port used on the destination computer for this packet (only appears in Source View)
Direction | Direction that the traffic was traveling in (incoming or outgoing)
Action | Action taken by the Personal Firewall: Blocked or Allowed
Application Name | Name of the application associated with the packet
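The relationship between Local View and Source View described earlier is a mapping keyed on the Direction column, and the same rows can then be grouped to show which remote hosts were blocked on which local ports. The following Python is an added example, not part of the Personal Firewall or its documentation; it assumes rows have been transcribed into dictionaries keyed by the column names above, and the sample rows, addresses and timestamp format are constructed.

```python
from collections import defaultdict

# Constructed sample rows in Local View; keys follow the column table above.
ROWS = [
    {"Time": "2024-05-01 10:15:02", "Remote Host": "203.0.113.7", "Remote Port": 40112,
     "Local Host": "192.0.2.10", "Local Port": 445, "Direction": "incoming", "Action": "Blocked"},
    {"Time": "2024-05-01 10:15:03", "Remote Host": "203.0.113.7", "Remote Port": 40113,
     "Local Host": "192.0.2.10", "Local Port": 139, "Direction": "incoming", "Action": "Blocked"},
    {"Time": "2024-05-01 10:15:04", "Remote Host": "203.0.113.7", "Remote Port": 40114,
     "Local Host": "192.0.2.10", "Local Port": 3389, "Direction": "incoming", "Action": "Blocked"},
    {"Time": "2024-05-01 10:16:40", "Remote Host": "198.51.100.20", "Remote Port": 443,
     "Local Host": "192.0.2.10", "Local Port": 51544, "Direction": "outgoing", "Action": "Allowed"},
]

def to_source_view(row):
    """Rewrite one Local View row using the Source View columns."""
    direction = row["Direction"].strip().lower()
    if direction == "incoming":      # the remote side originated the packet
        src, dst = "Remote", "Local"
    elif direction == "outgoing":    # this computer originated the packet
        src, dst = "Local", "Remote"
    else:
        raise ValueError(f"unknown Direction: {row['Direction']!r}")
    # Keep Time, Direction, Action, etc.; drop the Local View address columns.
    out = {k: v for k, v in row.items() if not k.startswith(("Remote ", "Local "))}
    out["Source Host"], out["Source Port"] = row[src + " Host"], row[src + " Port"]
    out["Destination Host"], out["Destination Port"] = row[dst + " Host"], row[dst + " Port"]
    return out

def blocked_inbound_ports(rows):
    """Map each source host to the sorted destination ports it was blocked on."""
    ports = defaultdict(set)
    for row in map(to_source_view, rows):
        if row["Direction"].lower() == "incoming" and row["Action"].lower() == "blocked":
            ports[row["Source Host"]].add(row["Destination Port"])
    return {host: sorted(p) for host, p in ports.items()}

if __name__ == "__main__":
    for host, ports in blocked_inbound_ports(ROWS).items():
        print(host, ports)
```

A single source host blocked on several unrelated destination ports within seconds is the pattern worth back tracing first.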
Packet Decode and Packet Dump for the Packet Log
Below the Log Viewer are two additional data fields that provide further detail regarding the selected event. In the Packet Log, these fields are labeled Packet Decode, which provides data on the type of packet logged, and Packet Dump, which records the actual data packet.
Back Tracing Packet Log Events
From the Packet Log file, click on the event you want to back trace so that the entire row is highlighted.
Either right-click the row and select Back Trace from the pop-up window or click the Action menu and select Back Trace.
The Personal Firewall traces the event information. The Back Trace Information window is displayed with a trace route log.
Click Detail at the bottom of the Back Trace Information window to view detailed information about the original IP address.
A drop panel displays detailed information about the owner of the IP Address from which the traffic event originated.
Click Detail again to hide the information.
Viewing the Packet Log Events by Date
To filter the log events by date:
Click the View menu in the Log Viewer window.
Select which events you want to view from the list:
Events for... | Displays...
1 Day Logs | the events recorded on the current day
2 Day Logs | the events recorded over the past 2 days
3 Day Logs | the events recorded over the last 3 days, including the current day
1 Week Logs | the events recorded over the past 7 days
2 Week Logs | the events recorded over the past 14 days
1 Month Logs | the events recorded over the last 30 days
Show All Logs | all Packet Log events
The log automatically displays the requested events.