Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 3802 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What could this be?

otroean
One of the computers I have on the network i making this trafic. What could it be?

22:53:28  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:28  Default DROP  UDP 
192.168.0.101  :  1770
→ 
88.90.9.69  :  63475

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:28  Default DROP  UDP 
192.168.0.101  :  1771
→ 
10.0.0.13  :  65040

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:29  Default DROP  UDP 
192.168.0.101  :  1773
→ 
192.168.2.2  :  54046

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:29  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:29  Default DROP  UDP 
192.168.0.101  :  1770
→ 
88.90.9.69  :  63475

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  UDP 
192.168.0.101  :  1771
→ 
10.0.0.13  :  65040

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  UDP 
192.168.0.101  :  1773
→ 
192.168.2.2  :  54046

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  TCP 
192.168.0.101  :  1866
→ 
192.168.1.104  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  TCP 
192.168.0.101  :  1867
→ 
77.222.197.203  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  TCP 
192.168.0.101  :  1862
→ 
10.0.0.4  :  64418

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:31  Default DROP  TCP 
192.168.0.101  :  1863
→ 
80.212.123.99  :  49565

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:31  Default DROP  UDP 
192.168.0.101  :  1773
→ 
192.168.2.2  :  54046

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:32  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:33  Default DROP  TCP 
192.168.0.101  :  1866
→ 
192.168.1.104  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:34  Default DROP  TCP 
192.168.0.101  :  1867
→ 
77.222.197.203  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:39  Default DROP  TCP 
192.168.0.101  :  1866
→ 
192.168.1.104  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:40  Default DROP  TCP 
192.168.0.101  :  1867
→ 
77.222.197.203  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:45  Default DROP  2 
192.168.1.1      
→ 
224.0.0.1      

len=36  ttl=1  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:1a:70:13:cf:a9
22:53:48  Default DROP  UDP 
192.168.0.101  :  1892
→ 
88.90.197.119  :  57261

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85


This thread was automatically locked due to age.
Parents
  • 0
    Assuming a windows machine, one starting point is to run 
    netstat -ano 
    on the 192.168.0.101 machine. That would list all listening ports, and the associated process ID. If you are lucky, you will see the port ID of a recently dropped packet bound to a UDP port, and the PID of the process binding it. In windows task manager, you can add the process ID column, and lookup the process ID to find the associated app name. If you're a bit lucky, you'll then know what app is the culprit.
Reply
  • 0
    Assuming a windows machine, one starting point is to run 
    netstat -ano 
    on the 192.168.0.101 machine. That would list all listening ports, and the associated process ID. If you are lucky, you will see the port ID of a recently dropped packet bound to a UDP port, and the PID of the process binding it. In windows task manager, you can add the process ID column, and lookup the process ID to find the associated app name. If you're a bit lucky, you'll then know what app is the culprit.
Children
No Data