This is our old Q&A Site. Please post any new questions and answers at

I have Wireshark 1.8.3 on two machines, one a Win7 x64 box and the other Win XP SP3 (32-bit).

Between 1 and 3 times per day the Win7 X64 machine tries to connect to TCP port 61899 of ( My routers firewall blocks these attempts but WTF?

Is there some option to disable this "phoning home"?

BTW Wireshark is NOT running during these attempts.

asked 08 Nov '12, 05:57

AnnoyedOne's gravatar image

accept rate: 0%

edited 08 Nov '12, 05:58

BTW Wireshark is NOT running during these attempts.

I don't think that there is such feature in Wireshark itself (at least I cannot find anything in the source code). Furthermore: If Wireshark is not running how could it cause those requests?

Most certainly something else on your system tries to create that connection (maybe a browser).

INTERESTINGLY that port (61899) is actually open on and if you connect to it with a browser, you will see something that's called Riverbed FlyRUM.

What is this??

alt text

UPDATE: It's javascript code hosted on that connects to that port. As soon as you browse to, the script in your browser tries to establish a connection to that port. So, my first assumption (see above) was right.

So, NO Wireshark is NOT phoning home!


permanent link

answered 08 Nov '12, 06:08

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

edited 08 Nov '12, 07:11

Thanks for that.

That'll be (silently) blocked once I post this.

(08 Nov '12, 06:39) AnnoyedOne

looks like a tracking/web bug.

(08 Nov '12, 06:48) Kurt Knochner ♦

Yup. That bug is now "squashed" :-)

(08 Nov '12, 09:03) AnnoyedOne

Current and past versions of Wireshark shouldn't phone home on their own. A future version might do so if we ever get around to adding a "check for updates" feature.

The connections to and the page that Kurt found are for upcoming Riverbed product enhancements (called FlyScript) that a team is working on inside Riverbed. They needed a real-world environment for testing and I agreed to let them use the Wireshark web servers. They aren't quite ready for public consumption and a team of sharks equipped with lasers will be visiting Kurt momentarily.

As The 1x1.gif URL implies, it's a beacon used to measure the performance of connections to It isn't used to track visits beyond and it's not really accurate to call it a tracking/web bug. I use Google Analytics on the various sites and have used WebTuna in the past. Both use "web bugs" in the traditional sense.

@AnnoyedOne Can you confirm whether or not you had open in a browser when the connection to It might be helpful to the team developing the new feature set.

permanent link

answered 08 Nov '12, 10:33

Gerald%20Combs's gravatar image

Gerald Combs ♦♦
accept rate: 24%

edited 08 Nov '12, 10:42


no time... sharks everywhere ... two of them eliminated ... fire, fire!

see you tomorrow.. HOPEFULLY !!!

(08 Nov '12, 18:56) Kurt Knochner ♦

@Gerald Combs

It took me a few days of Googling etc to figure out, thanks to Kurt, that it was the Wireshark website trying to use port 61899. It was difficult to determine that because my router is configured to send me warning email when something attempts to use a non-standard and/or non-allowed port. Those log only told me what machine was sending the requests not what process/webpage etc.

I've now configure my router to silently drop all attempts.

Please allow any auto-update feature to be disabled. And I mean off-entirely. No phoning home.

(09 Nov '12, 08:07) AnnoyedOne
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 08 Nov '12, 05:57

question was seen: 2,285 times

last updated: 09 Nov '12, 08:07

p​o​w​e​r​e​d by O​S​Q​A