 |
|
 |
|
|
|
|
|
|
|
|
|
navti
Guest
|
 Posted: Sat May 19, 2007 8:10 am Post subject: Can anyone shed some light on these entries in my Firewall ? |
 |
|
Can anyone shed some light on these entries in my Firewall ?
My firewall is set up to block all outbound UDP apart from NTP time packets,
the host 192.168.0.2 is a mac running OSX 10.4.9
Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 Destination:67.65.250.199,24882 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:38 - UDP Packet - Source:192.168.0.2,8198 Destination:71.59.25.30,6719 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:38 - UDP Packet - Source:192.168.0.2,8198 Destination:12.206.139.221,59778 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:38 - UDP Packet - Source:192.168.0.2,8198 Destination:71.80.1.166,30069 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:38 - UDP Packet - Source:192.168.0.2,8198 Destination:67.160.106.161,2428 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:46 - UDP Packet - Source:192.168.0.2,8198 Destination:83.20.156.188,65049 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:46 - UDP Packet - Source:192.168.0.2,8198 Destination:83.25.21.190,33025 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:46 - UDP Packet - Source:192.168.0.2,8198 Destination:83.31.133.79,48545 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:46 - UDP Packet - Source:192.168.0.2,8198 Destination:83.6.3.170,38874 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:51 - UDP Packet - Source:192.168.0.2,8198 Destination:83.20.156.188,65049 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:51 - UDP Packet - Source:192.168.0.2,8198 Destination:83.25.21.190,33025 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:56 - UDP Packet - Source:192.168.0.2,8198 Destination:83.20.156.188,65049 - [Any(ALL) rule match] Fri, 2007-05-18 10:26:56 - UDP Packet - Source:192.168.0.2,8198 Destination:83.25.21.190,33025 - [Any(ALL) rule match] Fri, 2007-05-18 10:27:01 - UDP Packet - Source:192.168.0.2,8198 Destination:83.20.156.188,65049 - [Any(ALL) rule match] Fri, 2007-05-18 10:27:01 - UDP Packet - Source:192.168.0.2,8198 Destination:83.25.21.190,33025 - [Any(ALL) rule match] Fri, 2007-05-18 10:27:06 - UDP Packet - Source:192.168.0.2,8198 Destination:83.20.156.188,65049 - [Any(ALL) rule match] Fri, 2007-05-18 10:27:06 - UDP Packet - Source:192.168.0.2,8198 Destination:83.25.21.190,33025 - [Any(ALL) rule match] Fri, 2007-05-18 10:27:59 - UDP Packet - Source:192.168.0.2,8198 Destination:144.135.167.129,1307 - [Any(ALL) rule match] |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
navti
Guest
|
| Posted: Sun May 20, 2007 3:53 am Post subject: Re: Can anyone shed some light on these entries in my Firewa |
|
|
On May 19, 11:08 pm, demp...@actrix.gen.nz (David Empson) wrote:
| Quote: |
navti <nav...@gmail.com> wrote:
> Can anyone shed some light on these entries in my Firewall ?
> My firewall is set up to block all outbound UDP apart from NTP time > packets,
> the host 192.168.0.2 is a mac running OSX 10.4.9
> Fri, 2007-05-18 10:26:37 - UDP Packet - Source:192.168.0.2,8198 > Destination:67.65.250.199,24882 - [Any(ALL) rule match]
[and similar entries, all from port 8198, to various IP addresses and random port numbers]
Nothing obvious from a Google search for "port 8198". This port is used (for TCP only) by Windows Server 2000/2003 for one aspect of managing a network of servers. Not likely to be the explanation here.
You might like to try running Little Snitch on that Mac, which can report specific applications attempting to do outgoing network connections. Capturing the data content of the packets to/from UDP port 8198 on that Mac with tcpdump might also reveal something.
From checking some of the destination IP addresses, they appear to be DSL/Cable client addresses, i.e. normal home computers all over the Internet, not identifiable servers.
I expect that Mac is running something like peer to peer file sharing software, which has been configured to use that particular port number.
These are probably attempts to reply to specific data requests from other computers running the same peer to peer software. |
Thanks for the advice regarding Little Snitch which showed it was Skype ,
cheers |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
