[Intrusions] UDP traffic on port 48864

Andrew Daviel andrew at andrew.triumf.ca
Tue Jul 5 01:47:12 GMT 2005


On Sat, 25 Jun 2005, Jon Hedlund wrote:

> >>Andrew Daviel wrote Monday, June 13, 2005 6:42 PM
> >>> I've been seeing UDP traffic sent to a host here on port 48864; it seems

> It appears to be responding to both the TCP and UDP packets which
> means there's a program listening on that port, both TCP and UDP. You
> can use the freeware TCPView at
> http://www.sysinternals.com/Utilities/TcpView.html to identify what app
> is listening on that port.

Thanks for the tip. (Linux equiv would be lsof)

Seems like it's the Skype client. However, there's a lot more traffic
(i.e. destinations) than can be explained by exchanging presence
information with the users' buddies. I've mailed skype; maybe they'll
respond.


-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
security at triumf.ca
