[prev in list] [next in list] [prev in thread] [next in thread]
List: ipcop-devel
Subject: RE: [IPCop-devel] My IPCop is Haunted!
From: jackb () guppy ! us
Date: 2004-07-26 12:57:40
Message-ID: 4104B974.18926.A00AC97 () localhost
[Download RAW message or body]
> Logged 1318 packets on interface eth1
> From 192.168.0.18 - 933 packets to udp(53,53)tcp(135,135,135)icmp(0)
> From 192.168.0.29 - 12 packets to udp(53,53,3531)tcp(3531,3531)
> From 192.168.0.38 - 5 packets to udp(137)
> From 192.168.0.45 - 10 packets to udp(53,53)
> From 192.168.0.153 - 3 packets to udp(53,53)
> From 192.168.0.156 - 1 packet to udp(138)
> From 192.168.0.181 - 27 packets to udp(53,53)
> From 192.168.0.199 - 1 packet to udp(138)
> From 192.168.0.207 - 288 packets to udp(53,53)
> From 192.168.0.216 - 31 packets to udp(138,53,53)icmp(0,0)
> From 192.168.1.96 - 1 packet to udp(137)
> From 192.168.1.101 - 1 packet to tcp(2869)
> From 192.168.1.130 - 3 packets to tcp(7797)
> From 192.168.1.200 - 2 packets to udp(138)
>
> Does this info help anyone?
Lets first backtrack some of the data..
192.168.x.255 are boardcast messages. These are a machine telling /
looking for others in the subnet some thing. IPCop will see the
boardcasts because it is part of the subnet. Used by Netbios and
other protocols to find "freinds".
Now for the ports...
http://www.iana.org/assignments/port-numbers
53 - Are domain name requests, normally lookups.
135 - DCE endpoints
137 - Netbios Name Service - You are running MS, right?
138 - Netbios Datagram Service - MS?
These I do know about, but could be that you have speciality software
on a client machine.
3531 - Joltid
2869 - ICSLAP
7797 - Propel Connector port.
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
IPCop-devel mailing list
IPCop-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic