Hi, in my company I have configured my firewall (Smoothwall) to drop all traffic from the whole subnet 192.168.0.0/24 except some ports like HTTP, HTTPS, FTP, POP.
This configuration seems to work fine; in fact, the other services that use different ports do not work.
Out of curiosity, I used the tcpdump command to analyze the traffic, and I didn't understand why the firewall logs thousands of records for the traffic that I report below. What does the traffic mean? (Please, don't suppose.) Does the traffic mean that some user is downloading by P2P with the ports closed, or does it instead mean that the user TRIES to download by P2P?
It is very strange, but I don't have enough know-how to read the tcpdump log correctly.
Can you help me?
22:25:00.058138 IP 82.105.X.X.1287 > 192.168.0.100.6784: . ack 332387 win 65535
22:25:00.058832 IP 192.168.0.100.6784 > 82.105.X.X.1287: . 333819:335251(1432) ack 0 win 5840
22:25:00.131136 IP 82.105.X.X.1287 > 192.168.0.100.6784: . ack 335251 win 65535
22:25:00.131824 IP 192.168.0.100.6784 > 82.105.X.X.1287: . 335251:336683(1432) ack 0 win 5840
22:25:00.131945 IP 192.168.0.100.6784 > 82.105.X.X.1287: . 336683:338115(1432) ack 0 win 5840
22:25:00.132065 IP 192.168.0.100.6784 > 82.105.X.X.1287: . 338115:339547(1432) ack 0 win 5840