I see frequent inbound icmp from and to ports 256, 512, 768 and 1024 (and occasionally other ports). I've googled this, but got nothing useful.
What's this traffic all about anyway?
That makes no sense. ICMP doesn't have port information.
What's displayed is the ICMP id field, which only makes sense for echo/ts/info request/reply packets. It's used in the state tree in much the same way TCP/UDP ports are -- to match specific request/reply pairs. It has no meaning otherwise, and unlike TCP/UDP ports it is not useful for explicit filtering.
