Determining port number in Network Threat Protection log
Updated: 21 May 2010 | 9 comments
This issue has been solved. See solution.
The Network Threat Protection logs list a number of UDP and TCP activities. Is there a way to determine exactly what UDP and TCP ports are involved? This particular computer has version 11.0.3 installed.
Comments
Check the local host and remote host and see if you can identify the IP address. Also check the directions for the same.
Also tell what port they are using?
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
The IP address is identified in the Network Threat Protection traffic log as well as whether it was UDP or TCP. The direction is shown in Network Threat Protection traffic log.
What I am asking is: in Endpoint Protection, is there a way to identify the port that is being used?
I don't see how the local host or remote host information would be useful because I don't know of a way to tie a port transaction on the host to the event in Endpoint Protection.
Hi
Go to Monitors
Logs
Log type: Network Threat Protection
Log content: Packets
You will get the port number.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
The communication only shows in Network Threat Protection traffic log. There is nothing in the Network Threat Protection packet log.
Indeed. Network Threat Protection/Traffic log only shows the ports. Packet log nothing.
Thanks and regards,
I do not see where the Network Threat Protection/Traffic log shows the port number.
(No subject)
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Yes, this was a simple matter of moving the scroll bar over to see the Port Number. Now I have to try to figure out if UDP ports 137 and 138 are normal.
Are you able to see any log entries in traffic log?
If not, you have not enabled logging.
To enable this, you have to edit the firewall rule for which you require logs, and in the Logging column you have to right-click and select Write to Traffic Log.
Then, in the client, in the traffic logs, you will be able to see the local and remote port numbers along with their IP and MAC addresses.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind