Determining port number in Network Threat Protection log

This issue has been solved. See solution.
techcoor

The Network Threat Protection logs list a number of UDP and TCP activities. Is there a way to determine exactly what UDP and TCP ports are involved? This particular computer has version 11.0.3 installed.

Prachand

Check the local host and remote host and see if you can identify the IP address. Also check the directions for the same.
Also tell what port they are using?

Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)

techcoor

The IP address is identified in the Network Threat Protection traffic log as well as whether it was UDP or TCP.  The direction is shown in Network Threat Protection traffic log.

What I am asking is: in Endpoint Protection, is there a way to identify the port that is being used?

I don't see how the local host or remote host information would be useful because I don't know of a way to tie a port transaction on the host to the event in Endpoint Protection.

Rafeeq

Hi

Go to monitor
logs
Log type: Network threat protection
Log content: packets
You will get the port number.

Rafeeq

techcoor

The communication only shows in Network Threat Protection traffic log. There is nothing in the Network Threat Protection packet log.

KS Choi

Indeed. Network Threat Protection/Traffic log only shows the ports. Packet log nothing.

Thanks and regards,

techcoor

I do not see where the Network Threat Protection/Traffic log shows the port number.

Prachand

Solution

port.JPG

Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)

techcoor

Yes, this was a simple matter of moving the scroll bar over to see the Port Number. Now I have to try to figure out if UDP ports 137 and 138 are normal.

AravindKM

Are you able to see any log entries in the traffic log?
If not, you have not enabled logging.
To enable this, you have to edit the firewall rule for which you require logs, and in the logging column you have to right-click and select write to traffic log.
Then, on the client, in the traffic logs you will be able to see the local and remote port numbers along with their IP and MAC addresses.