I don't get much in my firewall incoming log. Most entries look like this: 2011-08-07 02:15:04 DROP UDP 10.10.7.162 74.71.55.217 5300 61241 191 - - - - - - - RECEIVE 2011-08-07 02:15:04 DROP UDP 10.10.7.151 74.71.55.217 5300 63959 191 - - - - - - - RECEIVE All are from port 5300. I suppose 10.10.7.* is on my ISPs internal network. I see similar packets when browsing. These two (below, edited for readability) resulted from my connecting to this forum. They were not dropped by the firewall. 12:52:57.850580 IP 10.10.7.162.5300 > 74.71.55.217.62321: UDP, length 146 E.../]@.........JG7....q..,cN............social.technet.microsoft.com............. 12:53:00.705522 IP 10.10.7.161.5300 > 74.71.55.217.58131: UDP, length 163 E.....@.........JG7........%#............i3.social.s-msft.com..................i.g What's it all about? - Vince

The ports being used in that sniff clip are above the normal range.. Below explains. http://en.wikipedia.org/wiki/Ephemeral_ports John Wiley

The ports being used in that sniff clip are above the normal range.. Below explains. http://en.wikipedia.org/wiki/Ephemeral_ports Those were not dropped by the firewall. The ones in the firewall drop log are also in that range. It explains nothing ... why src port is fixed and dst variable (that's unusual in my experience), why using the browser (to some places) causes these (and they're allowed by the firewall), why other similar-looking traffic is dropped by the firewall, and what is the business of these communications in the first place.

I see you have it all figured then.. John Wiley

I see you have it all figured then.. On the contrary, John, I'm just making observations. I haven't figured out any of it. - Vince