[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Thousands of hits on port 3208



(Cross posted from filter group too since it seems really dead today)
I just started playing with packet filtering so may be a little
behind the game.  I'm seeing thousands of hits on port 3208. That is,
if I'm reading the lines right.
Runnign tcpdump in -r mode against an accumulated pile of traffic like
  ttcpdump -v -ttt  -r /var/log/dump_all_*9 port 3208
There are 6400+ hits in just about 4-5 hrs of accumulated traffic.
 (this is a small home network)
The local.net.add address is a local net address that is being NATted
at a hardware NETGEAR router upstream.
So you see my machine is responding from port 3208 as well.
Anyone recognize what this is?
 
Jan 11 16:57:33.545426 local.net.add.3208 > 195.18.70.114.3861: R
[tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 10080)
Jan 11 16:57:34.286861 195.18.70.114.3861 > local.net.add.3208: S
[tcp sum ok] 2355408965:2355408965(0) win 64240 <mss
1420,nop,nop,sackOK> (DF) (ttl 108, id 12159)
Jan 11 16:57:34.286983 local.net.add.3208 > 195.18.70.114.3861: R
[tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 10044)
Jan 11 16:58:17.653335 153.42.221.173.3809 > local.net.add.3208: S
[tcp sum ok] 4084916157:4084916157(0) win 64240 <mss
1420,nop,nop,sackOK> (DF) (ttl 108, id 42588)
Jan 11 16:58:17.653691 local.net.add.3208 > 153.42.221.173.3809: R
[tcp sum ok] 0:0(0) ack 4084916158 win 0 (DF) [tos 0x10] (ttl 64, id
10858)
Jan 11 16:58:18.153992 153.42.221.173.3809 > local.net.add.3208: S
[tcp sum ok] 4084916157:4084916157(0) win 64240 <mss
1420,nop,nop,sackOK> (DF) (ttl 108, id 42593)
Jan 11 16:58:18.154106 local.net.add.3208 > 153.42.221.173.3809: R
[tcp sum ok] 0:0(0) ack 1 win 0 (DF) [tos 0x10] (ttl 64, id 30506)