1/3 of my captured packets are UDP packets from the same IP in my network. Always 72 length and the info is always "Source Port: 58869 Destination port: 8009". The UDP stream consists of for the entire conversation. I cringe at the name, yes, but what traffic is it? It doesn't seem to end. I might add the source is a computer name I guess "AsusXxx_e8:3e ... " and it's IPv4. Thanks for your help :)

asked 26 Jan '14, 05:46 J4D0 edited 26 Jan '14, 05:59
One Answer:
The normal way to determine what kind of traffic that is would be to go to that PC and check the process list to find the application using that source port (or destination port, depending on who is who), by using the "netstat" command line tool or a GUI tool like TCPView. If you can't access the PC (e.g. because it is not yours) you can only guess.

answered 26 Jan '14, 05:59 Jasper ♦♦
I can't easily access the PC :s What would be a likely guess? I think it is suspicious that the traffic is always and every day the same... I ran an nmap scan too, if it would help the cause...
What is the target IP of those packets? Can you find out anything about that? I doubt nmap is going to help here, unless that UDP application reacts to a UDP port scan with a banner.
target is :/ and no it doesn't.
So the target is the broadcast address. Which means that the source PC is just telling everyone on the network its address and host name, I guess. I wouldn't worry about it, it's probably some kind of name resolution protocol.
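
The port-to-process lookup suggested in the answer, as an added example that is not part of the original thread: it parses Windows `netstat -ano` output for the UDP source port 58869 from the question and resolves the owning PID with `tasklist`. The sample netstat text and its PIDs are constructed, and the function names are this example's own.

```python
import subprocess
import sys

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.20:49712     192.168.1.1:443        ESTABLISHED     2540
  UDP    0.0.0.0:5353           *:*                                    1780
  UDP    0.0.0.0:58869          *:*                                    4321
  UDP    [::]:58869             *:*                                    4321
"""

def parse_netstat(text):
    """Yield (proto, local_ip, local_port, pid) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        # UDP rows have no State column (4 fields); TCP rows have 5.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        ip, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:port
        if port.isdigit() and fields[-1].isdigit():
            yield fields[0], ip, int(port), int(fields[-1])

def owners_of_udp_port(text, port):
    """Return the sorted PIDs bound to the given local UDP port."""
    return sorted({pid for proto, _, p, pid in parse_netstat(text)
                   if proto == "UDP" and p == port})

def image_name(pid):
    """Resolve a PID to its executable name with tasklist (Windows only)."""
    out = subprocess.run(
        ["tasklist", "/FI", f"PID eq {pid}", "/FO", "CSV", "/NH"],
        capture_output=True, text=True, check=True).stdout
    return out.split(",")[0].strip('"\r\n ')

if __name__ == "__main__":
    live = sys.platform == "win32"  # off Windows, fall back to the sample text
    text = (subprocess.run(["netstat", "-ano"], capture_output=True,
                           text=True, check=True).stdout
            if live else SAMPLE_NETSTAT)
    for pid in owners_of_udp_port(text, 58869):
        print(pid, image_name(pid) if live else "(constructed sample)")
```

Run it on the sending PC while the traffic is flowing, since the socket only appears in `netstat` while the application holds the port open.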