What are these packets?
I don't get much in my firewall incoming log. Most entries look like this:
2011-08-07 02:15:04 DROP UDP 10.10.7.162 74.71.55.217 5300 61241 191 - - - - - - - RECEIVE
2011-08-07 02:15:04 DROP UDP 10.10.7.151 74.71.55.217 5300 63959 191 - - - - - - - RECEIVE
All are from port 5300. I suppose 10.10.7.* is on my ISP's internal network.
I see similar packets when browsing. These two (below, edited for readability) resulted from my connecting to this forum. They were not dropped by the firewall.
12:52:57.850580 IP 10.10.7.162.5300 > 74.71.55.217.62321: UDP, length 146
E.../]@.........JG7....q..,cN............social.technet.microsoft.com.............
12:53:00.705522 IP 10.10.7.161.5300 > 74.71.55.217.58131: UDP, length 163
E.....@.........JG7........%#............i3.social.s-msft.com..................i.g
What's it all about?
- Vince
August 7th, 2011 1:22pm
The ports being used in that sniff clip are above the normal range. Below explains.
http://en.wikipedia.org/wiki/Ephemeral_ports
John Wiley
August 7th, 2011 4:20pm
> The ports being used in that sniff clip are above the normal range. Below explains.
> http://en.wikipedia.org/wiki/Ephemeral_ports
Those were not dropped by the firewall. The ones in the firewall drop log are also in that range. It explains nothing ... why src port is fixed and dst variable (that's unusual in my experience), why using the browser (to some places) causes these (and they're allowed by the firewall), why other similar-looking traffic is dropped by the firewall, and what is the business of these communications in the first place.
August 7th, 2011 4:32pm
I see you have it all figured then..
John Wiley
August 7th, 2011 5:02pm
> I see you have it all figured then..
On the contrary, John, I'm just making observations. I haven't figured out any of it.
- Vince
August 7th, 2011 5:08pm
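Added example, not part of any post in this thread: a small parser that groups firewall drop-log entries like the ones quoted in the first post by protocol and source port, and lists the groups where one fixed source port reaches several different high-numbered destination ports. It assumes the lines follow the Windows Firewall `pfirewall.log` field order; the function names and every sample line except the first two are constructed for illustration.

```python
from collections import defaultdict

# Assumed field order (the "#Fields" header of a Windows Firewall pfirewall.log).
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
EPHEMERAL_MIN = 49152  # start of the IANA dynamic (ephemeral) port range
# The two 02:15:04 entries are from the first post; every other line is constructed.
SAMPLE_LOG = """\
#Version: 1.5
2011-08-07 02:15:04 DROP UDP 10.10.7.162 74.71.55.217 5300 61241 191 - - - - - - - RECEIVE
2011-08-07 02:15:04 DROP UDP 10.10.7.151 74.71.55.217 5300 63959 191 - - - - - - - RECEIVE
2011-08-07 02:15:09 DROP UDP 10.10.7.162 74.71.55.217 5300 58131 163 - - - - - - - RECEIVE
2011-08-07 02:16:30 DROP TCP 192.0.2.10 74.71.55.217 51515 445 48 S 123456 0 8192 - - - RECEIVE
this line is truncated
"""

def parse_line(line):
    """Return a dict for one entry, or None for header, blank or malformed lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["src_port"], rec["dst_port"] = int(rec["src_port"]), int(rec["dst_port"])
    except ValueError:  # non-numeric port fields such as "-"
        return None
    return rec

def summarize(log_text, action="DROP"):
    """Group entries by (protocol, src_port); collect source IPs and dest ports."""
    groups = defaultdict(lambda: {"count": 0, "src_ips": set(), "dst_ports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == action:
            g = groups[(rec["protocol"], rec["src_port"])]
            g["count"] += 1
            g["src_ips"].add(rec["src_ip"])
            g["dst_ports"].add(rec["dst_port"])
    return dict(groups)

def reply_shaped(groups):
    """Keys where one source port hits several distinct ephemeral dest ports."""
    return sorted(k for k, g in groups.items()
                  if len(g["dst_ports"]) > 1 and min(g["dst_ports"]) >= EPHEMERAL_MIN)

if __name__ == "__main__":
    groups = summarize(SAMPLE_LOG)
    for key in reply_shaped(groups):
        print(key, groups[key]["count"], sorted(groups[key]["src_ips"]))
```

A fixed source port paired with varying ephemeral destination ports is the shape that replies from a single service port to client-chosen ports would have; the summary shows the pattern but does not identify the service.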