You can monitor Windows Firewall activity by using the Windows Firewall log file and the security log, these are both bult into Windows Operating Systems and Both tools are useful for troubleshooting Windows Firewall problems and temporarily monitoring the behavior of Windows Firewall. This could be malicious software ie malware, trojans, rootkit, bootkit etc, etc, of you may have a rogue program connecting out what you want to detect and trace route.
You can also use these commands:
netsh firewall set logging droppedpackets = enable
netsh firewall set logging connections = enable