How do I know which are being dropped or denied?
Well, this is totally a question of what kind of firewall setup yuo have. Basically, you should log everything that is not matched by some accept rules or just before the packets are dropped.
Example how to log all traffic to port 22:
iptables -N SOME_RULE1
iptables -A SOME_RULE1 -p tcp --dport 22 -j LOG
iptables -A SOME_RULE1 -p tcp --dport 22 -j DROP
This is of course totally up to your setup and needs.
Note: You should of course specify some type of --log-prefix "SOME TEXT HERE " in order to recognize why and where it was logged.