1. Home
  2. Networking Firewalls
  3. blocked packet

blocked packet

could someone tell me what this packet is trying to do. port 35268 is my utorrent port. sorry for the bad format of the info. taken from pc tools firewall.

"Time" "Log Type" "Rule Name" "Action" "Direction" "Rule Type" "Adapter Zone" "Data Length" "Ethernet Source" "Ethernet Dest" "Ethernet Type" "IP Source" "IP Dest" "Protocol" "Port Src" "Port Dest" "2008/02/15 15:52:29" "eLogType_Packet" "All other packets" "0" "Inbound" "0" "FWInternetZone" "161" "00:14:2A:A5:F1:CC" "01:00:5E:40:98:8F" "IP" "192.168.2.5" "239.192.152.143" "UDP" "6771" "6771"

data

0000:42 54 2D 53 45 41 52 43 BT-SEARC 0008:48 20 2A 20 48 54 54 50 H * HTTP 0010:2F 31 2E 31 0D 0A 48 6F /1.1..Ho 0018:73 74 3A 20 32 33 39 2E st: 239. 0020:31 39 32 2E 31 35 32 2E 192.152. 0028:31 34 33 3A 36 37 37 31 143:6771 0030:0D 0A 50 6F 72 74 3A 20 ..Port: 0038:33 35 32 36 38 0D 0A 49 35268..I 0040:6E 66 6F 68 61 73 68 3A nfohash: 0048:20 46 45 32 30 33 45 36 FE203E6 0050:37 39 32 38 44 35 45 31 7928D5E1 0058:32 36 45 41 32 45 43 41 26EA2ECA 0060:45 37 41 38 32 39 41 41 E7A829AA 0068:42 33 37 37 45 45 31 41 B377EE1A 0070:37 0D 0A 0D 0A 0D 0A 7......
Reply to
mike
Loading thread data ...

Toy firewall produces toy results. What you show isn't all that informative.

[compton ~]$ etherwhois 00:14:2A 00-14-2A (hex) Elitegroup Computer System Co., Ltd 00142A (base 16) Elitegroup Computer System Co., Ltd No.22, Alley 38, Lane 91, Sec. 1, Nei Hu Road Taipei 114 TAIWAN, REPUBLIC OF CHINA [compton ~]$

Some Taiwanese clone manufacturer, probably a RealTek 8139 chipset (a common 10/100BaseT NIC) - the 01:00:5E is a Multicast destination, relatively meaningless because of the lack of IP header information.

192.168.2.5 is on your network somewhere - 239.192.152.143 is am "Organization-Local Scope" multicast address - see RFC2365. It's UDP with a source and destination port of 6771 - which is relatively meaningless without knowing what software you've installed. The "data" you show appears to be a BTrieve request, but you'll have to figure out why your "192.168.2.5" host is attempting to send this as a UDP datagram to a local multicast - as that doesn't exactly smell right.

So, what did you install on your windoze box?

Old guy

Reply to
Moe Trin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.