Traffic between Source Port 9000 and Destination Port 50160

18 years 3 weeks ago #17718 by Gordon_Freeman
Hello All

I wonder if anyone could help me? I was recently troubleshooting a client's NuPoint IP voice recorder as they were having distortion during playback.

I created a SPAN port and, using Ethereal, captured all the traffic to and from the port that the NuPoint was plugged into.

While analysing it I came across some very unusual traffic:

"17.189.13.21" "244.50.2.129" "IP" "Fragmented IP protocol (proto=SpectraLink 0x77
"196.217.200.184" "68.74.27.0" "IP" "Fragmented IP protocol (proto=Unknown 0xaa
"69.9.43.205" "113.63.50.69" "IP" "Fragmented IP protocol (proto=Backroom SATNET Mon 0x4c
"197.130.4.165" "165.67.115.0" "IP" "Fragmented IP protocol (proto=Unknown 0xf0
"249.8.122.58" "17.114.11.134" "IP" "Fragmented IP protocol (proto=Novell NCS Heartbeat 0xe0
"10.71.55.36" "191.51.47.248" "IP" "Fragmented IP protocol (proto=Remote Virtual Disk 0x42
"94.179.62.134" "145.195.67.105" "IP" "Fragmented IP protocol (proto=Unknown 0xeb
"204.65.70.247" "36.18.170.107" "IP" "Fragmented IP protocol (proto=IPComp 0x6c
"21.44.42.196" "117.104.45.250" "IP" "Fragmented IP protocol (proto=Wideband Expak 0x4f
"208.86.116.181" "205.123.95.55" "IP" "Fragmented IP protocol (proto=SM 0x7a
"185.101.215.203" "45.73.79.237" "IP" "Fragmented IP protocol (proto=Unknown 0xf3
"26.210.45.45" "226.232.64.17" "IP" "Fragmented IP protocol (proto=TLSP Kryptonet 0x38
"54.125.121.38" "125.110.201.14" "IP" "Fragmented IP protocol (proto=Unknown 0xb7
"131.217.193.30" "72.146.239.247" "IP" "Fragmented IP protocol (proto=Unknown 0xe5
"19.130.200.41" "26.6.232.107" "IP" "Fragmented IP protocol (proto=Unknown 0x8d
"225.0.122.11" "8.60.102.13" "IP" "Fragmented IP protocol (proto=Unknown 0xd1
"111.26.98.220" "9.112.45.61" "IP" "Fragmented IP protocol (proto=Unknown 0x93
"35.176.240.63" "4.10.172.30" "IP" "Fragmented IP protocol (proto=IPLT 0x81
"200.103.114.197" "75.4.237.53" "IP" "Fragmented IP protocol (proto=Unknown 0xc5
"8.210.40.75" "1.156.196.199" "IP" "Fragmented IP protocol (proto=IPX IN IP 0x6f
"63.33.104.13" "86.163.5.202" "IP" "Fragmented IP protocol (proto=Secure VMTP 0x52
"136.50.164.208" "225.50.212.174" "IP" "Fragmented IP protocol (proto=Unknown 0xb5
"104.95.246.18" "235.33.8.108" "IP" "Fragmented IP protocol (proto=IPv6 no next header 0x3b
"87.120.210.130" "167.22.95.136" "IP" "Fragmented IP protocol (proto=Unknown 0xb8
"191.42.33.11" "164.13.129.81" "IP" "Fragmented IP protocol (proto=Unknown 0x72
"115.170.6.208" "177.62.3.121" "IP" "Fragmented IP protocol (proto=TP++ 0x27
"90.62.135.111" "159.64.29.190" "IP" "Fragmented IP protocol (proto=Unknown 0xc5
"131.168.133.0" "46.137.128.70" "IP" "Fragmented IP protocol (proto=IGRP 0x09
"149.113.21.239" "63.83.178.164" "IP" "Fragmented IP protocol (proto=Unknown 0xc2
"13.166.45.128" "135.123.42.62" "IP" "Fragmented IP protocol (proto=Unknown 0xbc
"201.115.216.150" "179.40.127.23" "IP" "Fragmented IP protocol (proto=Unknown 0x99
"124.175.131.6" "174.109.99.147" "IP" "Fragmented IP protocol (proto=MFE NSP 0x1f
"243.175.92.226" "63.31.146.197" "IP" "Fragmented IP protocol (proto=Unknown 0xf9
"144.27.209.111" "235.109.246.60" "IP" "Fragmented IP protocol (proto=Mobile IPv6 0x87
"37.149.207.115" "75.186.208.21" "IP" "Fragmented IP protocol (proto=NSFNET IGP 0x55
"244.111.87.205" "23.140.33.186" "IP" "Fragmented IP protocol (proto=Unknown 0x92
"37.82.221.195" "211.43.23.140" "IP" "Fragmented IP protocol (proto=ISIS over IP 0x7c
"198.108.55.183" "161.56.21.52" "IP" "Fragmented IP protocol (proto=CPHB 0x49
"222.178.66.10" "145.124.38.16" "IP" "Fragmented IP protocol (proto=IPv6 routing 0x2b
"137.187.223.5" "160.2.238.227" "IP" "Fragmented IP protocol (proto=PIM 0x67
"72.116.61.54" "82.201.53.36" "IP" "Fragmented IP protocol (proto=VISA 0x46
"154.232.238.146" "151.65.163.47" "IP" "Fragmented IP protocol (proto=Locus ARP 0x5b
"23.207.107.218" "107.83.145.242" "IP" "Fragmented IP protocol (proto=Unknown 0xd6
"209.234.247.233" "50.8.151.206" "IP" "Fragmented IP protocol (proto=NBMA ARP 0x36

This traffic, although it looks like it is between public IP addresses, is actually between two devices on the private network using a Source Port of 9000 and Destination Ports of 50160 or 50168.

It may be viral, but I don't think so.

Any ideas would be appreciated.


