Monday, 24 August 2015

How to log all inbound connections on Windows server

Source: serverfault.com --- Sunday, August 23, 2015
I need to log a summary of all inbound TCP connections on a Windows 2008R2 server, but only including the Source IP, Source Port, Destination IP and Destination Port. I do not want to log the payload and I do not want to include outbound connections or connections originating from the host itself. I am simply trying to get a high-level summary of all inbound connections over a period of a few days to be able to tell at a glance what is connecting to this server and from where. It would be nice to see a summary with only one line for each unique connection (=SourceIP:Port -> DestIP:Port combination), but as long as the information can be logged/exported in CSV format, I can always do that in Excel. The first tool I looked at was Wireshark, but I do not see how not to include the payload. I looked at Process Monitor, but I do not see how to filter out outbound connections and the output does not fit my needs very well. The closest fit I have found is TcpLogView (NirSoft), but it cannot filter out outbound connections or connections that are originating from the local server. Is there a tool out there that can do what I am looking for? Thanks. ...



from Windows http://ift.tt/1Lugiep
