Thanks a lot for all your replies : Admittedly I should have checked the ZoneAlarm readme and port listings, but why would a P2P port be open? I have no file sharing programs running (do they scan in the background?), or is it just other client servers scanning my computer for ports to connect to? If so are there any legal implements about scanning in this way?
Thanks for the ZoneLog information, I'll check it out. Regards, Thomas Madhavan ----- Original Message ----- From: "Scott Bowlus" <[EMAIL PROTECTED]> To: "Thomas Madhavan" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, April 15, 2002 6:40 PM Subject: Re: Zonealarm log - what is this? > 6346 is the server port for gnutella. Those look like gnutella client > requests. The "S" you were asking about is the SYN TCP Header flag, which > indicates it is the intial client request for a tcp connection. > > Scott Bowlus > ----- Original Message ----- > From: "Thomas Madhavan" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, April 13, 2002 6:22 PM > Subject: Zonealarm log - what is this? > > > > Hi guys, I was wondering if you could sate my curiousity. > > > > My Linux box is a bit dead at the moment (argh I'm a newbie) so I'm using > > Win98. In my log files I came across this group of entries. > > > > ZoneAlarm Logging Client v2.6.362 > > Windows 98-4.10.2222- A -SP > > type,date,time,source,destination,transport > > FWIN,2002/03/27,22:00:36 +0:00 > GMT,65.80.28.184:1734,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:01:10 +0:00 > GMT,65.80.28.184:1921,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:01:40 +0:00 > GMT,65.80.28.184:2130,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:02:12 +0:00 > GMT,65.80.28.184:2337,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:03:25 +0:00 > GMT,65.80.28.184:2820,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:04:46 +0:00 > GMT,65.80.28.184:3329,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:06:07 +0:00 > GMT,65.80.28.184:3769,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:07:23 +0:00 > GMT,65.80.28.184:4243,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:08:42 +0:00 > GMT,65.80.28.184:4769,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:10:00 +0:00 > GMT,65.80.28.184:1333,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:11:18 +0:00 > GMT,65.80.28.184:1803,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:12:33 +0:00 > GMT,65.80.28.184:2216,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:13:47 +0:00 > GMT,65.80.28.184:2685,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:15:02 +0:00 > GMT,65.80.28.184:3168,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:16:23 +0:00 > GMT,65.80.28.184:3639,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:17:43 +0:00 > GMT,65.80.28.184:4119,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:19:00 +0:00 > GMT,65.80.28.184:4557,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:20:15 +0:00 > GMT,65.80.28.184:1079,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:21:30 +0:00 > GMT,65.80.28.184:1546,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:22:48 +0:00 > GMT,65.80.28.184:1994,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:24:07 +0:00 > GMT,65.80.28.184:2506,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:25:22 +0:00 > GMT,65.80.28.184:2988,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:26:45 +0:00 > GMT,65.80.28.184:3487,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:28:10 +0:00 > GMT,65.80.28.184:3965,62.253.86.237:6346,TCP > > (flags:S) > > FWIN,2002/03/27,22:29:31 +0:00 > GMT,65.80.28.184:4440,62.253.86.237:6346,TCP > > (flags:S) > > > > They're coming from different IPs, but directed to the same port? > > > > Could anyone tell me what 'Flags : S' is and also what 'FWIN' is about? > I've > > done searches for both but I can't get anything that will briefly tell me > > what it's about. > > > > Thanks. > > > > Thomas > > > > > >
