Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Software or Windows 7 feature to log incoming network connections

29 Nov 2017   #1
dc2000

Windows
 
 
Software or Windows 7 feature to log incoming network connections

We have a network DVR box in our small office that records from several of our security cameras. It is basically a Windows 7 Embedded Standard OS with a proprietary DVR software on it. We can connect to that DVR from the internet via a static IP using a smartphone.

So I was wondering, if there's a feature in Windows firewall, or maybe if there's some third party software that would allow to log every (outside) incoming connection to that computer?

I basically want to have a log of everything that's connecting to that computer.

PS. The DVR software in question is exacqVision, which has a very weird configuration interface where I couldn't find any logging support.


My System SpecsSystem Spec
.
29 Nov 2017   #2
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

All of the following should be helpful to you:

Windows Firewall Log:
https://technet.microsoft.com/en-us/...(v=ws.10).aspx

Netstat:
https://superuser.com/questions/4743...ock-certain-ip

Free Sysinternals program called TCPView:
https://docs.microsoft.com/en-us/sys...nloads/tcpview
My System SpecsSystem Spec
29 Nov 2017   #3
dc2000

Windows
 
 

Thanks. The Windows firewall log did the trick. Interesting how there exist things in plain sight that you never knew were even there :)

I actually found it myself before your post. I followed the instructions from here:
Configure the Windows Firewall Log

The guy in the comments gave the best step-by-step instructions how to set it up. I'll copy it here in case MS decide to remove that comment:


Quote:
In order to enable firewall logging on Windows 7 and Windows server 2008 R2 machine we need to follow the steps given below.



1. Go to Start and in RUN type wf.msc .


2. This opens up “Windows Firewall with Advanced Security” window.


3. Then right click on “Windows Firewall with Advanced Security on Local Computer” and go to properties.


4. When clicked on properties a new window opens. Now Select “Customize” option under logging.


5. The default path for the log is %windir%\system32\logfiles\firewall\pfirewall.log. If you want to change the path click Browse to select a file location.


6. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this the type in the new size in KB, or use the up and down arrows to select a size. The file will not grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.

7. No logging occurs until you set one of following two options:

* To create a log entry when Windows Firewall drops an incoming network packet, change Log dropped packets to Yes.


* To create a log entry when Windows Firewall allows an inbound connection, change Log successful connections to Yes.


8. Click OK twice to complete your configuration.


What was confusing at first is that I had to set it up in 3 different tabs for Domain Profile, Private Profile and Public Profile tabs. I set up 3 different custom log files, and in my case only Public one is being filled in. Also I had to set up an ACL on the log file for read access for my logon Windows user in Properties -> Security to be able to open it.

And it will work then.

I have a quick follow-up though. I see the following entries in the log:


Quote:
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2017-11-29 09:36:46 ALLOW 2 10.1.10.51 224.0.0.251 - - 0 - - - - - - - SEND
2017-11-29 09:36:58 ALLOW 2 10.1.10.51 239.255.255.250 - - 0 - - - - - - - SEND
2017-11-29 09:37:05 ALLOW 2 10.1.10.51 224.0.0.252 - - 0 - - - - - - - SEND
2017-11-29 09:37:16 ALLOW 2 10.1.10.51 239.255.255.250 - - 0 - - - - - - - SEND
2017-11-29 09:37:46 ALLOW 2 10.1.10.51 224.0.0.9 - - 0 - - - - - - - SEND
2017-11-29 09:37:58 ALLOW 2 10.1.10.51 224.0.0.252 - - 0 - - - - - - - SEND
2017-11-29 09:38:05 ALLOW 2 10.1.10.51 224.0.0.252 - - 0 - - - - - - - SEND
I'm curious, what are those 224.*.*.* and sometimes 239.*.*.* ips that it's sending to? The log is peppered with them. 10.1.10.51 is that box's ipv4 address.
My System SpecsSystem Spec
.

29 Nov 2017   #4
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

Thank you very much for including the detailed instructions.

The "src-ip" addresses, being all the same, are for your networked DVR box. ("src" means "source")

The "dst-ip" addresses are likely internal addresses (devices which are on your internal network) -- this is indicated by the fact that the "dst-IPs" are either x.0.0.x or x.255.255.x. ("dst" means "destination")
My System SpecsSystem Spec
29 Nov 2017   #5
dc2000

Windows
 
 

No, 224.0.0.252, 224.0.0.9, 239.255.255.250, etc. are not local.
My System SpecsSystem Spec
29 Nov 2017   #6
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

Go to a command prompt and type PING 224.0.0.252, etc. See what comes back.
My System SpecsSystem Spec
29 Nov 2017   #7
dc2000

Windows
 
 

Quote   Quote: Originally Posted by mrjimphelps View Post
Go to a command prompt and type PING 224.0.0.252, etc. See what comes back.
I get nothing. The ping just times out.

It's interesting though, if you look at the trace log, the protocol is not tcp but just the value 2. What is that? And also the size is 0.
My System SpecsSystem Spec
Reply

 Software or Windows 7 feature to log incoming network connections




Thread Tools




Similar help and support threads
Thread Forum
program to see incoming and outgoing network connections needed
Hello All : I did have a program before that would show all incoming and outgoing network connections . Anyone know of the name of the program ? 12 Tb of storage and can't remember where I stored it .. Thanks
Network & Sharing
Virtual Private Network (VPN) - Enable Incoming VPN Connections
How to Allow Incoming VPN Connections in Windows 7 and Windows 8 This will show you how to configure your computer to accept VPN connection and router settings to allow Point-to-Point Tunneling Protocol (PPTP) on your Network in Windows 7 and Windows 8. Here’s How: 1. Go to...
Tutorials
How to allow *all* incoming TCP connections
Hello there, I am making a Remote Control program like Teamviewer in VB.Net using the TCP protocol and it works fine locally (in LAN), but nobody outside of my network can connect to my computer. I've tried to add exceptions to all TCP ports and I've tried to totally disable the firewall, but...
System Security
VPN not accepting incoming connections.
Protocol is PPTP It hangs on "Verifying username and password" from the client machines the LAN settings should be fine as this machine is dual booted and clients connect to Ubuntu Server without issue. Win7 gives the following error after getting "stuck" on "Verifying username and...
Network & Sharing
What's the max number of incoming connections (aka VPN) Windows 7 supp
What's the max number of incoming connections (aka VPN) Windows 7 Ultimate supports? I'm getting an error every time I try to connect one machine while the other is connected. Error 937 I believe. Does this mean that windows 7 Ultimate only supports one vpn connection at a time without upgrading...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:44.
Twitter Facebook Google+