Options
Ip String with a weird unregistered port number
Hi everyone,
Im wondering if anyone can help me with this issue here, my network admin sent me a IP log and wants to know more about it because he couldnt figure it out neither could our ISP.
This log file contains our pvt ip address and there is a port number assigned to it in the range of 50000 and 60000 to me it sounds like a virus or a trojan using that port...
here is the log... i have it for all the systems here in my office thats a just a part of it.. all help appreciated guys
15:18:18.774717 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 2880 win 65535
15:18:18.778859 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 2880:4320(1440) ack 1 win 65535
15:18:18.778984 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 4320:5760(1440) ack 1 win 65535
15:18:18.781994 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 5760 win 65535
15:18:18.785480 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 5760:7200(1440) ack 1 win 65535
15:18:18.785605 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 7200:8640(1440) ack 1 win 65535
Cheers
Indyguy
Im wondering if anyone can help me with this issue here, my network admin sent me a IP log and wants to know more about it because he couldnt figure it out neither could our ISP.
This log file contains our pvt ip address and there is a port number assigned to it in the range of 50000 and 60000 to me it sounds like a virus or a trojan using that port...
here is the log... i have it for all the systems here in my office thats a just a part of it.. all help appreciated guys
15:18:18.774717 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 2880 win 65535
15:18:18.778859 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 2880:4320(1440) ack 1 win 65535
15:18:18.778984 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 4320:5760(1440) ack 1 win 65535
15:18:18.781994 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 5760 win 65535
15:18:18.785480 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 5760:7200(1440) ack 1 win 65535
15:18:18.785605 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 7200:8640(1440) ack 1 win 65535
Cheers
Indyguy
Comments
-
Options
indyguy
Member Posts: 34 ■■□□□□□□□□
cisco_trooper wrote: »
hey buddy, thanks a lot for helping me out here, really appreciate your help thanks again..
just one more question... as to wat i understand from the article is that this bot server spiders your website.... but our web server is located offsite in a data center... so i am just trying to get my head around this and want to know how could the internal users generate so much traffic or how could this bot server spider the web site and get into our internal network... its a bit confusing for me ... i would appreciate it if you could put this right for me.
Cheers
Indyguy