George Bakos <alpinistaat_private> writes:

> Interesting bit of udp traffic broadcasting from a winnt box upon boot-up.
> Haven't had a decent look at it yet, but the traffic pattern alone is
> noteworthy. The user indicates that he ran a binary email attachment (arrrgh!)
> a few days ago and since then his A-V won't successfully start up.

Well, searching the net I found a reference to a local network broadcast radio setup that uses udp packets going to port 54321, 54322, and 54323. However, I also found a (German) reference on how to configure bo2k which implied that 54322 was the default (granted, default tcp) port number. I'd go with a bet that it's bo2k of some sort.

> 8 941.529657 10.1.53.192 -> 255.255.255.255 UDP Source port: 1042
> Destination port: 54322
>
>  0 00a0 24c6 5a1e 0090 2787 ff98 0800 4500 ..$.Z...'.....E.
> 10 0021 0000 4000 4011 9117 0a01 350d ffff .!..@.@.........
> 20 ffff 0411 d432 000d b118 beba ab1f .....2........

Something odd is going on here: this appears to be the packet dump of a UDP packet going from 10.1.53.13:1041 -> 255.255.255.255:54322, not what the tcpdump header says. Did you do something unusual in your packet capture?
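
The comparison made in the reply above, as an added example that is not part of the original post: it decodes the quoted hex rows as Ethernet II / IPv4 / UDP and lists the fields that disagree with the summary line. The function names are illustrative, and the summary line's two quoted lines are joined into one string.

```python
import re
import socket
import struct

# Summary line and hex rows copied from the quoted capture in the post.
SUMMARY = ("8 941.529657 10.1.53.192 -> 255.255.255.255 UDP "
           "Source port: 1042 Destination port: 54322")
DUMP = """\
0 00a0 24c6 5a1e 0090 2787 ff98 0800 4500 ..$.Z...'.....E.
10 0021 0000 4000 4011 9117 0a01 350d ffff .!..@.@.........
20 ffff 0411 d432 000d b118 beba ab1f .....2........
"""

def dump_to_bytes(dump):
    """Collect the 4-hex-digit groups of each row; skip offset and ASCII columns."""
    out = bytearray()
    for row in dump.splitlines():
        for field in row.split()[1:]:            # [1:] drops the offset column
            if not re.fullmatch(r"[0-9a-f]{4}", field):
                break                            # reached the ASCII column
            out += bytes.fromhex(field)
    return bytes(out)

def decode(frame):
    """Decode Ethernet II / IPv4 / UDP headers; tolerates a short payload."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("EtherType is not IPv4")
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    ip, udp = frame[14:14 + ihl], frame[14 + ihl:]
    if ip[9] != 17:
        raise ValueError("IP protocol is not UDP")
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport,
            "payload_declared": ulen - 8, "payload_captured": len(udp) - 8}

def parse_summary(line):
    m = re.search(r"(\S+) -> (\S+) UDP Source port: (\d+) Destination port: (\d+)", line)
    return {"src": m[1], "dst": m[2], "sport": int(m[3]), "dport": int(m[4])}

def mismatches(summary, decoded):
    """Fields where the summary line and the raw bytes disagree."""
    return {k: (v, decoded[k]) for k, v in summary.items() if v != decoded[k]}

if __name__ == "__main__":
    d = decode(dump_to_bytes(DUMP))
    print(d)
    print(mismatches(parse_summary(SUMMARY), d))
```

On the dump as archived, the UDP length field declares 5 payload bytes while only 4 are present in the hex rows, so the last byte of the payload is missing from the listing.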
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 13:45:13 PDT