Re: Strange Activity

From: Portnoy, Gary (gportnoyat_private)
Date: Wed May 02 2001 - 05:14:09 PDT


    Greetings,
    
    Destination ports 6700 and 6688 are common Napster ports.  Any possible way
    you were running a Napster client?
    
    -----Original Message-----
    From: Spookah . [mailto:k_linerat_private]
    Sent: Tuesday, May 01, 2001 7:58 PM
    To: INCIDENTSat_private
    Subject: Strange Activity
    
    
    While remotely connected to my home machine, I noticed a lot of lag.  I
    executed a 'netstat -a' which showed me nothing out of the ordinary.  But
    when I started tcpdump I saw traffic which I could not account for.
    
    Here is a snip of my tcpdump log:
    Key: x.x.x.x = my ip
    
    16:26:14.957566 24.109.6.174.6700 > x.x.x.x.63781: tcp 0 (DF)
    16:26:14.958509 x.x.x.x.63781 > 24.109.6.174.6700: tcp 1460 (DF)
    16:26:14.959240 x.x.x.x.63781 > 24.109.6.174.6700: tcp 588 (DF)
    16:26:15.155428 24.109.6.174.6700 > x.x.x.x.63781: tcp 0 (DF)
    16:26:15.156308 x.x.x.x.63781 > 24.109.6.174.6700: tcp 1460 (DF)
    16:26:15.157046 x.x.x.x.63781 > 24.109.6.174.6700: tcp 588 (DF)
    16:26:15.242682 172.150.125.247.6688 > x.x.x.x.63783: tcp 0 (DF)
    16:26:15.286571 172.174.174.84.6700 > x.x.x.x.63780: tcp 0 (DF)
    16:26:15.443723 172.150.125.247.6688 > x.x.x.x.63783: tcp 0 (DF)
    16:26:15.448809 x.x.x.x.63783 > 172.150.125.247.6688: tcp 1360 (DF)
    16:26:15.449510 x.x.x.x.63783 > 172.150.125.247.6688: tcp 688 (DF)
    16:26:15.479993 172.174.174.84.6700 > x.x.x.x.63780: tcp 0 (DF)
    16:26:15.485314 x.x.x.x.63780 > 172.174.174.84.6700: tcp 1360 (DF)
    
    I was unable to capture any of the packets, and an nmap of my machine showed
    no unusual ports open.  Anyone have any ideas on what this could have been?
    
    Thanks in advance,
    Spookah
    Network Technician
    Linux Administrator
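
Added example, not part of either message in this thread: a short Python triage script that groups the tcpdump lines quoted above by connection and totals payload bytes in each direction, which shows that on every connection the local host sends all the data while the remote side on port 6700/6688 returns only 0-byte segments. The function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the post above; x.x.x.x is the poster's redacted address.
LOG = """\
16:26:14.957566 24.109.6.174.6700 > x.x.x.x.63781: tcp 0 (DF)
16:26:14.958509 x.x.x.x.63781 > 24.109.6.174.6700: tcp 1460 (DF)
16:26:14.959240 x.x.x.x.63781 > 24.109.6.174.6700: tcp 588 (DF)
16:26:15.155428 24.109.6.174.6700 > x.x.x.x.63781: tcp 0 (DF)
16:26:15.156308 x.x.x.x.63781 > 24.109.6.174.6700: tcp 1460 (DF)
16:26:15.157046 x.x.x.x.63781 > 24.109.6.174.6700: tcp 588 (DF)
16:26:15.242682 172.150.125.247.6688 > x.x.x.x.63783: tcp 0 (DF)
16:26:15.286571 172.174.174.84.6700 > x.x.x.x.63780: tcp 0 (DF)
16:26:15.443723 172.150.125.247.6688 > x.x.x.x.63783: tcp 0 (DF)
16:26:15.448809 x.x.x.x.63783 > 172.150.125.247.6688: tcp 1360 (DF)
16:26:15.449510 x.x.x.x.63783 > 172.150.125.247.6688: tcp 688 (DF)
16:26:15.479993 172.174.174.84.6700 > x.x.x.x.63780: tcp 0 (DF)
16:26:15.485314 x.x.x.x.63780 > 172.174.174.84.6700: tcp 1360 (DF)
"""

LOCAL = "x.x.x.x"
# Per the reply above, 6700 and 6688 are common Napster ports.
NAPSTER_PORTS = {6700, 6688}
LINE = re.compile(r"^\S+ (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)")

def summarize(log, local=LOCAL):
    """Return {(remote_ip, remote_port, local_port): [bytes_out, bytes_in]}."""
    flows = defaultdict(lambda: [0, 0])
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a tcp summary line in this tcpdump format
        src, sport, dst, dport, size = m.groups()
        if src == local:
            flows[(dst, int(dport), int(sport))][0] += int(size)
        elif dst == local:
            flows[(src, int(sport), int(dport))][1] += int(size)
    return dict(flows)

def upload_flows(flows):
    """Connections where only the local host sent payload (it is the data source)."""
    return sorted(k for k, (out, inn) in flows.items() if out > 0 and inn == 0)

if __name__ == "__main__":
    flows = summarize(LOG)
    for ip, rport, lport in upload_flows(flows):
        tag = "common Napster port" if rport in NAPSTER_PORTS else "unlisted port"
        print(f"local:{lport} -> {ip}:{rport} sent={flows[(ip, rport, lport)][0]} recv=0 ({tag})")
```
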
    



    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 08:57:54 PDT