Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows firewall log only recording initial one-way connection

4 Weeks Ago   #1
BlackLion

Windows 7 Ultimate x86
 
 
Windows firewall log only recording initial one-way connection

Hello. I have enabled Windows firewall logging in Windows 7 Ultimate. I have noticed that Windows firewall logging only logs
the initial one-way connection e.g. connecting to the web server on the LAN produces the following event in the Windows firewall log:

2017-11-17 20:43:34 ALLOW TCP 192.168.2.35 192.168.2.19 49397 80 0 - 0 0 0 - - - SEND

This is an outbound packet from my machine (192.168.2.35), running Windows firewall log, to the web server (192.168.2.19). Windows firewall does not record any return traffic from the web server (192.168.2.19) back to my machine (192.168.2.35).

Similarly, when initiating an inbound connection from the web server (192.168.168.2.19) to a service listening on my machine (192.168.2.35), only the below event is recorded (and not the return outbound traffic, from my machine, which follows):

2017-11-18 10:29:47 ALLOW TCP 192.168.2.19 192.168.2.35 52437 1234 0 - 0 0 0 - - - RECEIVE

Is it possible for Windows firewall to log both inbound and outbound traffic for a connection, or is it only limited to recording the one-way initial traffic?


My System SpecsSystem Spec
.
3 Weeks Ago   #2
Alejandro85

Windows 7 Ultimate x64
 
 

What you're seeing is totally correct and the normal operation of Windows Firewall. The reason is simple: it works entirely on connections, not packets. Based on its rules, when a connection attempt is made from either side, it decides to allow it or drop altogether. The result of that decision is what becomes logged.

After a connection is allowed, the firewall does nothing more, it just let pass every packet on it. Remember that Windows Firewall is a rather simple firewall, with no stateful packet inspection capabilities, so it won't log (or care about) everything that happens on your network.

You probably what to look at a different tool for this job. A packet analyzer like Wireshark will fit you better that the logs.
My System SpecsSystem Spec
Reply

 Windows firewall log only recording initial one-way connection




Thread Tools




Similar help and support threads
Thread Forum
BSOD - not internet connection, no windows firewall
Hello, I had to wait a lot before a new crash but this time it was big. Two BSOD in less than two minutes and now strangely I don't have any internet connection (the troubleshoot center says it's because of "the diagnostic policy service is not running") and the windows firewall is down and...
BSOD Help and Support
Windows Firewall - Remote Desktop Connection Problem
hello all, i am trying to connect my netbook (windows 7 starter) to my desktop (windows 7 professional) using remote desktop connection, from the road. i have followed all the instructions here: Allow Remote Desktop connections from outside your home network if i turn off windows...
System Security
Windows Firewall prevents "network connection" at boot time
This is very strange. About two weeks ago I reinstalled Win7 Pro x64 from scratch in order to properly support my new Ceton TV tuner card. All of my application software is now just about fully reinstalled as well, and everything's working fine. The new Win7 is very much "cleaner, leaner, and...
System Security
Firewall & a VNC connection error
I've installed a VNC client by Jaadu both on my win 7 64 system & my iPhone. Everything went smoothly until I applied the FreeSSHd encryption program. When I try to connect with the computer the iphone gets this error: Connection Error: connection refused. You may have a firewall...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:07.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App