Ok so in my event log, I sometimes get this error:
The Windows Filtering Platform has blocked a packet.
Process ID: 0
Application Name: -
Source Address: 50.99.999.99
Source Port: 64618
Destination Address: 126.96.36.199
Destination Port: 80
Why would my firewall have any instances where it would be blocking port 80, I wondered. This happens seemingly at random. I did a netsh wfp capture start. And found this entry for that IP:
I then searched for FilterID 88382 and found it defined as this:
<name>Port Scanning Prevention Filter</name>
<description>This filter prevents port scanning.</description>
When I looked up the Port Scanning Prevention Filter, I learned that it cannot be disabled and its function is that if a port doesn't have an application "listening" on it, then windows firewall will drop the packet regardless. http://superuser.com/questions/362358/how-to-disable-hidden-windows-firewall-filter
Based on this definition, it seems like my IIS web service has brief periods of "not listening" and when a user connects to port 80, IIS isn't listening in that single moment, and the packet gets dropped....could this be happening? That is what it appears like on the surface if I understand all this right.
This raises my concern...why would my firewall sometimes think that port 80 isn't listening? The server is a web server. I'm stumped at where else to go in my diagnostics. I'd like to know why windows filtering is occasionally (and this is only sometimes) dropping port 80 packets. Is there a way I can diagnose IIS to see if it occasionally...even for milisecond periods of time...stops "listening?"