Strange packets captured
Hello. I'm receiving strange packets. Does anybody have any idea what is it?
1 Answer
- Sort by
oldest newest most voted
0
Thanks for uploading the file and making sure the picture is available. The only things I can deduct are:
- IP address 112.11.202.22 Geo-locates to China
- Port 8999 might be related to Crypto, backup or quicktime (or something else completely)
- The packets are sent out every ~29 sec, which is kind-of odd (usually one would then see around 30 sec interval)
- Most UDP payload is the same in every packet, except for byte offset 4-7. These 32 bits seem to count up. As the value increases with ~29000000 between the packets, this looks like a microsecond counter.
Hope this helps a bit...
Comments
I don't know what that traffic is, but to take the discovery process a little further:
If you own/control 192.168.31.177, you could check to see if their is a UDP listener for that traffic coming in. If so, the name of the executable might give you a clue. As admin/root, in Linux, you could try
netstat -unlp
or in Windows,
netstat -p udp -nab
Since it is a Dell mac, I am assuming that it is not MacOS.
Look for UDP port 8999 in the results listing; is their an executable? If so, see if you can find where it came from. Maybe the folder it is in... or from Google.
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments
Not from a picture, and especially not from a picture that is no longer available. Could you upload the pcap file somewhere on a public share like dropbox, onedrive, etc and post the link here?
Oh, I'm sorry. https://drive.google.com/open?id=13Va...