System logs indicates that one of my local machines keeps poking my other machine on port 21817/udp. WTF?!

Hi folks.

Noticed weird entries in journalctl:

Jan 14 00:38:25 wishmasus.loc kernel: Shorewall:net2fw:DROP:IN=docketh1 OUT= MAC=00:xx:yy:xz:Zs:Ss SRC=OtherLocalMachine DST=MyMachine LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=24209 DF PROTO=UDP SPT=21817 <<<<< SOURCE PORT IT TRIED TO REACH DPT=37647 LEN=131

I hate to see stuff like this especially if I don’t know where it comes from so I went to the machine that traffic came from and ran (as root):

netstat -lnp | grep 21817

just to find out that…

tcp 0 0 0.0.0.0:21817 0.0.0.0:* LISTEN 664/skype
udp 0 0 0.0.0.0:21817 0.0.0.0:* 664/skype

somebody left Skype running…

Ports can vary…

tcp 0 0 0.0.0.0:37647 0.0.0.0:* LISTEN 1956/skype
udp 0 0 0.0.0.0:37647 0.0.0.0:* 1956/skype

and it does not have to be Skype… but if You have a funny messages from shorewall in Your system journal – You can try searching for the source of them if You have access to the machine that sends them…

Cheers.

Andrzej

Print Friendly, PDF & Email

AndrzejL

"Never meet Your heroes. Most of the time you'll only end up disappointed." White Polak Male Husband Employee Hetero Carnivorous Fugly Geek @$$hole with ADD Catholic “Some men just want to watch the world burn.”

Comments are closed.