MicrosoftThank you so much for this reply. It is rather more complicated than I had hoped, so it will take me a while to decipher it. To elaborate a little, this is only for windows. We use a 3rd party firewall product and their log shows blocks for port 5353 for an associated process (lets say TEST1.EXE) that has nothing to do with the traffic coming in but DOES have port 5353 open. I sense that the logging is just wrong. Because the traffic to port 5353 is not allowed, I think it just associates that traffic with whatever process it finds first for that port and posts that detail in the log. But this does make me concerned as to whether the rules we might make for port 5353 might work if we can specify them by process, leaving source port as anything.
So, if we allow traffic targeted to TEST1.EXE on port 5353, but the traffic coming in is for TEST2.EXE, will it allow it anyway because it sees that TEST1.EXE has port 5355 open? I guess I can test that....
