(Cross posted from filter group too since it seems really dead today) I just started playing with packet filtering so may be a little behind the game. I'm seeing thousands of hits on port 3208. That is, if I'm reading the lines right.
Running tcpdump in -r mode against an accumulated pile of traffic like

tcpdump -v -ttt -r /var/log/dump_all_*9 port 3208

There are 6400+ hits in just about 4-5 hrs of accumulated traffic. (this is a small home network) The local.net.add address is a local net address that is being NATted at a hardware NETGEAR router upstream. So you see my machine is responding from port 3208 as well. Anyone recognize what this is?

Jan 11 16:57:33.545426 local.net.add.3208 > 195.18.70.114.3861: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 10080)
Jan 11 16:57:34.286861 195.18.70.114.3861 > local.net.add.3208: S [tcp sum ok] 2355408965:2355408965(0) win 64240 <mss 1420,nop,nop,sackOK> (DF) (ttl 108, id 12159)
Jan 11 16:57:34.286983 local.net.add.3208 > 195.18.70.114.3861: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 10044)
Jan 11 16:58:17.653335 153.42.221.173.3809 > local.net.add.3208: S [tcp sum ok] 4084916157:4084916157(0) win 64240 <mss 1420,nop,nop,sackOK> (DF) (ttl 108, id 42588)
Jan 11 16:58:17.653691 local.net.add.3208 > 153.42.221.173.3809: R [tcp sum ok] 0:0(0) ack 4084916158 win 0 (DF) [tos 0x10] (ttl 64, id 10858)
Jan 11 16:58:18.153992 153.42.221.173.3809 > local.net.add.3208: S [tcp sum ok] 4084916157:4084916157(0) win 64240 <mss 1420,nop,nop,sackOK> (DF) (ttl 108, id 42593)
Jan 11 16:58:18.154106 local.net.add.3208 > 153.42.221.173.3809: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 30506)
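Added example, not part of the original post: a Python tally of tcpdump text output in the format quoted above, counting per remote host the SYNs arriving on a port and the RST or SYN-ACK replies sent back from it. The function names are hypothetical; the sample lines are the ones from the post.

```python
import re
import sys
from collections import defaultdict

# Sample lines copied from the post above (old-style tcpdump -v -ttt text output).
SAMPLE = """\
Jan 11 16:57:33.545426 local.net.add.3208 > 195.18.70.114.3861: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 10080)
Jan 11 16:57:34.286861 195.18.70.114.3861 > local.net.add.3208: S [tcp sum ok] 2355408965:2355408965(0) win 64240 <mss 1420,nop,nop,sackOK> (DF) (ttl 108, id 12159)
Jan 11 16:57:34.286983 local.net.add.3208 > 195.18.70.114.3861: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 10044)
Jan 11 16:58:17.653335 153.42.221.173.3809 > local.net.add.3208: S [tcp sum ok] 4084916157:4084916157(0) win 64240 <mss 1420,nop,nop,sackOK> (DF) (ttl 108, id 42588)
Jan 11 16:58:17.653691 local.net.add.3208 > 153.42.221.173.3809: R [tcp sum ok] 0:0(0) ack 4084916158 win 0 (DF) [tos 0x10] (ttl 64, id 10858)
Jan 11 16:58:18.153992 153.42.221.173.3809 > local.net.add.3208: S [tcp sum ok] 4084916157:4084916157(0) win 64240 <mss 1420,nop,nop,sackOK> (DF) (ttl 108, id 42593)
Jan 11 16:58:18.154106 local.net.add.3208 > 153.42.221.173.3809: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 30506)
"""

# "host.port > host.port: FLAGS rest"; the port is the last dot-separated field,
# so hostnames that themselves contain dots (local.net.add) still split correctly.
LINE = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): (\S+)(.*)")


def summarize(lines, port):
    """Per remote host: SYNs received on `port`, and SYN-ACKs / RSTs sent from it."""
    stats = defaultdict(lambda: {"syn": 0, "synack": 0, "rst": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP packet line in this format
        src, sport, dst, dport, flags, rest = m.groups()
        has_ack = " ack " in rest
        if int(dport) == port and flags == "S" and not has_ack:
            stats[src]["syn"] += 1       # inbound connection attempt
        elif int(sport) == port and flags == "S" and has_ack:
            stats[dst]["synack"] += 1    # a local listener accepted the attempt
        elif int(sport) == port and "R" in flags:
            stats[dst]["rst"] += 1       # the attempt was reset
    return dict(stats)


def accepted_hosts(stats):
    """Remote hosts that received at least one SYN-ACK from the local port."""
    return sorted(h for h, c in stats.items() if c["synack"] > 0)


if __name__ == "__main__":
    # Usage: tcpdump -v -ttt -r FILE port 3208 | python this_script.py 3208
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    result = summarize(lines, int(sys.argv[1]) if len(sys.argv) > 1 else 3208)
    for host, c in sorted(result.items(), key=lambda kv: -kv[1]["syn"]):
        print(f"{host:20} syn={c['syn']} synack={c['synack']} rst={c['rst']}")
    print("hosts that got a SYN-ACK:", accepted_hosts(result) or "none")
```

A host that only ever gets RSTs back had its connection attempts reset rather than accepted; a non-zero synack count would mean something on the machine is listening on that port.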
