System logs indicates that one of my local machines keeps poking my other machine on port 21817/udp. WTF?!

Hi folks.

Noticed weird entries in journalctl:

Jan 14 00:38:25 wishmasus.loc kernel: Shorewall:net2fw:DROP:IN=docketh1 OUT= MAC=00:xx:yy:xz:Zs:Ss SRC=OtherLocalMachine DST=MyMachine LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=24209 DF PROTO=UDP SPT=21817 <<<<< SOURCE PORT IT TRIED TO REACH DPT=37647 LEN=131

I hate to see stuff like this especially if I don’t know where it comes from so I went to the machine that traffic came from and ran (as root):

netstat -lnp | grep 21817

just to find out that…

tcp 0 0* LISTEN 664/skype
udp 0 0* 664/skype

somebody left Skype running…

Ports can vary…

tcp 0 0* LISTEN 1956/skype
udp 0 0* 1956/skype

and it does not have to be Skype… but if You have a funny messages from shorewall in Your system journal – You can try searching for the source of them if You have access to the machine that sends them…




"Never meet Your heroes. Most of the time you'll only end up disappointed." White Polak Male Husband Employee Hetero Carnivorous Fugly Geek @$$hole with ADD Catholic “Some men just want to watch the world burn.”

Comments are closed.