Here are the top dropped source hosts ranked by number of services:
Top Source IP Packets % Services %
1 ***.241.183.248 *** 868 20.49 440 26.33
2 ***.7.216.68 *** 863 20.37 436 26.09
3 ***.167.198.19 *** 124 2.93 124 7.42
***.7.216.68:5666 → ***.180.39.217:51026
***.7.216.68:5666 → ***.180.39.217:51123
Note the source addresses have the same port, but the destination addresses have different port numbers.
For each of these top IP addresses, the pattern is the same. They have the same source address and port number, but different destination port numbers. As you can see from the number of services, there are numerous destination port numbers. I'm not clear why this is happening (i.e., why the source and destination port numbers are not the same?). Is the destination port being extracted from the packets?
This thread was automatically locked due to age.
