udp port 11789

  • Thread starter: federschuh

Hi,
does anyone know what goes on with port 11789?
I'm getting so many packets to this port, which isn't used at all on my machine,
from countless sender IPs (botnet? from all over the world, most of it from China).
What are the hackers (?) trying to send to this port?

I logged it:
Nov 27 04:07:24 w3 kernel: [2211619.064609] REJECT UDP IN=eth0 OUT= MAC=00:1b:21:ad:7b:d3:00:0c:db:4e:e8:00:08:00 SRC=117.57.218.80 DST=x.x.x.x LEN=34 TOS=0x00 PREC=0x00 TTL=50 ID=55452 PROTO=UDP SPT=40401 DPT=11789 LEN=14
Nov 27 04:07:24 w3 kernel: [2211619.064695] REJECT UDP IN=eth0 OUT= MAC=00:1b:21:ad:7b:d3:00:0c:db:4e:e8:00:08:00 SRC=117.57.218.80 DST=x.x.x.x LEN=34 TOS=0x00 PREC=0x00 TTL=50 ID=55453 PROTO=UDP SPT=40401 DPT=11789 LEN=14
....
 

Thanks, but unfortunately there is hardly anything useful there, or elsewhere on the web, about this
destination port 11789. By the way, most of these packets come from source port 40401,
but there is hardly any useful information about that either.

So it really is mysterious: why would countless (i.e. many) systems, mostly all
from the same source port 40401, send unsolicited UDP packets to destination port 11789?

I have racked my brain over this but can't come up with a plausible explanation
for what the reason could be. The way it looks, they want to get rid of their data,
i.e. they apparently think that here is the server to which they can/should/must send their data, etc.
That is of course wrong, because this port is unused on my machine; that's the strange thing about the whole story...

Of course I can (and do) block this port completely, then the packets simply bounce off the firewall,
but what bothers me is that the perpetrators of course still _continue_ to use up bandwidth...

Is nobody else affected by this problem?


Addendum: Here are some of the perpetrators' IPs:
 
Code:
echo "netstat -aln"; netstat -aln; echo "netstat -al"; netstat -al;
... tried that yet? If not, just post the output here, or on Pastebin/Nopaste and link it here.

And what good is that supposed to do in this case (UDP traffic)?
Do you have experience in this area?
 
Why don't you log the traffic? It could be anything.
 
Why don't you log the traffic? It could be anything.

I have already thought about that too, but you have to invest a lot of time
to analyze the data. Unfortunately I don't have time for that at the moment.

It would have been enough for me to know which program sends this data.
I'd guess either some badly programmed (as if well-programmed ones existed at all :-) gaming programs, or else spyware (Trojans)...

I have the feeling half of the computers in China are infected... no wonder really, given the playfulness and naivety (=stupidity) of the Chinese...
 
Just take a look inside the packets and see what's in them:
Code:
tcpdump -A -s50000 port 11789
If anything halfway readable comes out of it, please post it in code tags.
 
Just take a look inside the packets and see what's in them:
Code:
tcpdump -A -s50000 port 11789
If anything halfway readable comes out of it, please post it in code tags.

Can you decipher it?

Code:
# tcpdump -v -A -s50000 port 11789
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 50000 bytes
23:49:18.278105 IP (tos 0x0, ttl 49, id 13520, offset 0, flags [none], proto UDP (17), length 34)
    117.34.129.235.52930 > myhost.mydomain.tld.11789: UDP, length 6
..b...B..U.............
23:49:18.902378 IP (tos 0x0, ttl 114, id 40461, offset 0, flags [none], proto UDP (17), length 34)
    183.16.114.149.65209 > myhost.mydomain.tld.11789: UDP, length 6
..1s.....U............
23:49:18.904589 IP (tos 0x0, ttl 114, id 40462, offset 0, flags [none], proto UDP (17), length 34)
    183.16.114.149.65209 > myhost.mydomain.tld.11789: UDP, length 6
........U3.............
23:49:19.511259 IP (tos 0x0, ttl 119, id 18707, offset 0, flags [none], proto UDP (17), length 34)
    g225217247.adsl.alicedsl.de.64684 > myhost.mydomain.tld.11789: UDP, length 6
........I..............
23:49:30.932203 IP (tos 0x0, ttl 114, id 43979, offset 0, flags [none], proto UDP (17), length 34)
    218.70.113.215.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:49:31.410680 IP (tos 0x0, ttl 46, id 5514, offset 0, flags [none], proto UDP (17), length 34)
    125.77.252.56.12379 > myhost.mydomain.tld.11789: UDP, length 6
......$..U.............
23:49:46.804944 IP (tos 0x0, ttl 111, id 32694, offset 0, flags [none], proto UDP (17), length 34)
    123.135.111.86.33350 > myhost.mydomain.tld.11789: UDP, length 6
......]..U.............
23:49:51.156960 IP (tos 0x0, ttl 40, id 943, offset 0, flags [none], proto UDP (17), length 34)
    123.125.165.175.26059 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:49:51.156993 IP (tos 0x0, ttl 40, id 944, offset 0, flags [none], proto UDP (17), length 34)
    123.125.165.175.26059 > myhost.mydomain.tld.11789: UDP, length 6
..6.....U3.............
23:49:55.025383 IP (tos 0x0, ttl 49, id 36639, offset 0, flags [none], proto UDP (17), length 46)
    AClermont-Ferrand-551-1-86-69.w92-150.abo.wanadoo.fr.4665 > myhost.mydomain.tld.11789: UDP, length 18
..,...}...mo_.e).M2....
23:49:55.616911 IP (tos 0x0, ttl 50, id 16612, offset 0, flags [none], proto UDP (17), length 34)
    182.38.20.52.40401 > myhost.mydomain.tld.11789: UDP, length 6
......H..U.............
23:49:55.903050 IP (tos 0x0, ttl 49, id 31813, offset 0, flags [none], proto UDP (17), length 46)
    AClermont-Ferrand-551-1-86-69.w92-150.abo.wanadoo.fr.4665 > myhost.mydomain.tld.11789: UDP, length 18
...6.........l...Q...G.
23:50:05.243168 IP (tos 0x0, ttl 48, id 41419, offset 0, flags [none], proto UDP (17), length 34)
    116.112.57.183.2780 > myhost.mydomain.tld.11789: UDP, length 6
E.."....0.`.tp9.Ur..
.........U............
23:50:18.466296 IP (tos 0x0, ttl 45, id 2375, offset 0, flags [none], proto UDP (17), length 34)
    123.190.223.190.54532 > myhost.mydomain.tld.11789: UDP, length 6
...P.....U................
23:50:18.506661 IP (tos 0x0, ttl 113, id 21323, offset 0, flags [none], proto UDP (17), length 34)
    111.123.206.19.28115 > myhost.mydomain.tld.11789: UDP, length 6
..gp..W..U.............
23:50:19.238183 IP (tos 0x0, ttl 42, id 7210, offset 0, flags [none], proto UDP (17), length 34)
    218.207.22.10.9897 > myhost.mydomain.tld.11789: UDP, length 6
E..".*..*......
...O.....U............
23:50:26.597928 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto UDP (17), length 34)
    public122813.xdsl.centertel.pl.16652 > myhost.mydomain.tld.11789: UDP, length 6
..9....................
23:50:26.598411 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto UDP (17), length 34)
    public122813.xdsl.centertel.pl.16652 > myhost.mydomain.tld.11789: UDP, length 6
..Z....2.U.............
23:50:37.774130 IP (tos 0x0, ttl 49, id 47097, offset 0, flags [none], proto UDP (17), length 34)
    114.84.135.29.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:50:51.853788 IP (tos 0x0, ttl 112, id 26921, offset 0, flags [none], proto UDP (17), length 34)
    60.185.88.255.49706 > myhost.mydomain.tld.11789: UDP, length 6
..y......U.............
23:51:15.354437 IP (tos 0x0, ttl 49, id 7654, offset 0, flags [none], proto UDP (17), length 50)
    113.109.57.221.48023 > myhost.mydomain.tld.11789: UDP, length 22
..#c..".Y..V\l...?zZ.|Y..+
23:51:15.693771 IP (tos 0x0, ttl 47, id 60214, offset 0, flags [none], proto UDP (17), length 34)
    cncln.online.ln.cn.48618 > myhost.mydomain.tld.11789: UDP, length 6
..(".6../.a..<..Ur.....
.....U............
23:51:32.914043 IP (tos 0x0, ttl 50, id 58822, offset 0, flags [none], proto UDP (17), length 34)
    244.75.244.123.broad.cy.ln.dynamic.163data.com.cn.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:51:48.607132 IP (tos 0x0, ttl 111, id 56020, offset 0, flags [none], proto UDP (17), length 34)
    61.133.208.246.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:52:36.232461 IP (tos 0x0, ttl 48, id 40812, offset 0, flags [none], proto UDP (17), length 34)
    113.2.218.167.40401 > myhost.mydomain.tld.11789: UDP, length 6
..~W.....U.............
23:52:36.234476 IP (tos 0x0, ttl 48, id 40813, offset 0, flags [none], proto UDP (17), length 34)
    113.2.218.167.40401 > myhost.mydomain.tld.11789: UDP, length 6
...m....U3.............
23:53:11.901547 IP (tos 0x0, ttl 49, id 16248, offset 0, flags [none], proto UDP (17), length 34)
    123.166.16.96.40401 > myhost.mydomain.tld.11789: UDP, length 6
..=......U.............
23:53:11.901603 IP (tos 0x0, ttl 49, id 16249, offset 0, flags [none], proto UDP (17), length 34)
    123.166.16.96.40401 > myhost.mydomain.tld.11789: UDP, length 6
........U3.............
23:53:15.729745 IP (tos 0x0, ttl 110, id 5428, offset 0, flags [none], proto UDP (17), length 550)
    220.234.182.114.50261 > myhost.mydomain.tld.11789: UDP, length 522
.......a!........DF))...q....=.X.?..l...........!.hexY.,......M .....#..=.......'....&....Y?17+l.N.y.WR...'...+.....J   sg...bL!<... .z....5...+SA.     s.M+:$<~89.J..YPH.4.z..T ..O......+..{........gL..)..c.:......+.9bTE.....@M..q....8..8 NM..}..I.3..X......w.Hd*.=..:..e.HL...Y....N[uUZ...$s.B....  .Y.}0.g6...x.^.p[....7.@..,.....x..8.......6..R..... .fL..].@5u26'-.....5ZX....B.N:.w..A`.l.....h....=....N...
....)..
23:53:16.837552 IP (tos 0x0, ttl 110, id 5470, offset 0, flags [none], proto UDP (17), length 550)
    220.234.182.114.50261 > myhost.mydomain.tld.11789: UDP, length 522
..P...R.n......rUr...U.
.r07<....mn. ...&o....6v.V....T...U.-.
..\.}M....o......@.....%..,..1.....(A.......z...4LR.
.S@..!....i.    ..m....7...G..
....\...O-....D..(0..q......Ls...4.GC.S...d..J..,...?.0
.'.g.._/w..$@#...Bu2..V~.?1....b_U..OE6A.+.I......s
l.>...<..w....aH..N..   ..&>.8'.>p...}z.&....L.X...ZH...Ow.b.m..a....'Q ...xMiy].....r....>..0.u.....7..^.Oz......&..........@....S...Itf.GDA....Y.........a..0..C.6V
T...U+.~..C.4.-F*.%:0.2.R!...L.+.u/....`.[..a.3K..C..o.1...[.;|.....Zl.....w.C....6S....n`P     _......d...R.I..e,.D.....Q.g.m..t+
23:53:22.615858 IP (tos 0x0, ttl 49, id 19168, offset 0, flags [none], proto UDP (17), length 34)
    222.87.69.16.40401 > myhost.mydomain.tld.11789: UDP, length 6
..v...2..U.............
23:54:10.017239 IP (tos 0x0, ttl 50, id 25835, offset 0, flags [none], proto UDP (17), length 34)
    124.118.241.6.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:54:10.230685 IP (tos 0x0, ttl 44, id 22057, offset 0, flags [none], proto UDP (17), length 34)
    112.0.216.161.49307 > myhost.mydomain.tld.11789: UDP, length 6
......Q..U.............
23:54:27.376548 IP (tos 0x0, ttl 49, id 32937, offset 0, flags [none], proto UDP (17), length 34)
    117.34.129.235.52930 > myhost.mydomain.tld.11789: UDP, length 6
..a...C..U.............
23:54:34.933837 IP (tos 0x0, ttl 114, id 44362, offset 0, flags [none], proto UDP (17), length 34)
    218.70.113.215.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:54:44.737699 IP (tos 0x0, ttl 46, id 25394, offset 0, flags [none], proto UDP (17), length 34)
    125.77.252.56.17572 > myhost.mydomain.tld.11789: UDP, length 6
......%..U............
23:54:51.097473 IP (tos 0x0, ttl 116, id 5350, offset 0, flags [none], proto UDP (17), length 566)
    218.159.13.219.1139 > myhost.mydomain.tld.11789: UDP, length 538
.".I..Jx2...47.Y.....l.XH..X....f5....".R3.....!.UC.M@VZ.A0 ..@..$....M
.p.Jwf.......$.M...q`W....i...W($...&5y\p...O...J'.>q.3...Uc......+k...+N.8SauJ.@S._.H.l.....S........}..M.q...E..M.zx'..T..#.{..R[.c....i.X....G_....j8cA."...=.../....u...2.Th.0Q.2
....<...;._/..Z..4z6|.....y.@..RS.b.s.6..e.dS...[.c     \....+..P.Tj."@.....3.FO.)7.m.A.....B..............H..|&.....<...+#.h.........]...I7.=.i...\...7.v.._'...e...!.Ly..........MX."..........jb`a....   #.o...6v!.#.eZHk...............<..665x....g..2#L
23:55:02.861438 IP (tos 0x0, ttl 50, id 17576, offset 0, flags [none], proto UDP (17), length 34)
    182.38.20.52.40401 > myhost.mydomain.tld.11789: UDP, length 6
......I..U.............
23:55:09.262757 IP (tos 0x0, ttl 48, id 43560, offset 0, flags [none], proto UDP (17), length 34)
    58.18.17.11.1051 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:55:11.702900 IP (tos 0x0, ttl 40, id 28192, offset 0, flags [none], proto UDP (17), length 34)
    123.125.165.175.52607 > myhost.mydomain.tld.11789: UDP, length 6
..y&.....U.............
23:55:11.702929 IP (tos 0x0, ttl 40, id 28193, offset 0, flags [none], proto UDP (17), length 34)
    123.125.165.175.52607 > myhost.mydomain.tld.11789: UDP, length 6
...<....U3.............
23:55:11.939133 IP (tos 0x0, ttl 46, id 36001, offset 0, flags [none], proto UDP (17), length 34)
    56.229.30.121.adsl-pool.sx.cn.10169 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:55:19.455937 IP (tos 0x0, ttl 45, id 3064, offset 0, flags [none], proto UDP (17), length 34)
    123.190.223.190.54702 > myhost.mydomain.tld.11789: UDP, length 6
..,......U.............
23:55:34.346768 IP (tos 0x0, ttl 43, id 46110, offset 0, flags [none], proto UDP (17), length 650)
    221.122.20.3.24417 > myhost.mydomain.tld.11789: UDP, length 622
.v./...[:.j.Go..4*.....q.>..6iT...H.:....D...>..t.....4vWT.../.i.>Zg.9..a=.G.Z..U..`.V.#...'(.......a6...W.......;e(..  ....h.ZQ..{....c..Q.R6K...X....O..5E.C......H.....#1 ..cG.....)L.|..8v.@.T..e/.....>.....w..R...^2Cs@..4e03.1.P..Pi1s.7t....<........87o7..#^!.+.W.6.X...KO........@...dL%Fj.hW
..Q..!.-E......&.......}
..<..C.K&.L....W...].....P.....|u......^.<g.`..w..WE..m....;M.......<.%..,.xE.U........YV'..X..rS....^cz.u...C...e..G.WD...sJ..".r...]....H.F{....:.Ch,`.U.M.{Iy.j..
.=n.(8W....lhQCJ... ....f.F........s!E....W'....`f"...<..g....fR..o......P..
23:55:34.502714 IP (tos 0x0, ttl 113, id 21338, offset 0, flags [none], proto UDP (17), length 34)
    111.123.206.19.28115 > myhost.mydomain.tld.11789: UDP, length 6
..fp..X..U.............
23:55:39.239351 IP (tos 0x0, ttl 42, id 7495, offset 0, flags [none], proto UDP (17), length 34)
    218.207.22.10.9897 > myhost.mydomain.tld.11789: UDP, length 6
E..".G..*......
...O.....U............
23:55:51.227385 IP (tos 0x0, ttl 49, id 56222, offset 0, flags [none], proto UDP (17), length 34)
    114.84.135.29.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:55:59.171476 IP (tos 0x0, ttl 48, id 31052, offset 0, flags [none], proto UDP (17), length 34)
    221.199.22.103.23490 > myhost.mydomain.tld.11789: UDP, length 6
......o..U.............
23:56:04.376855 IP (tos 0x0, ttl 47, id 1379, offset 0, flags [none], proto UDP (17), length 34)
    hn.kd.ny.adsl.40401 > myhost.mydomain.tld.11789: UDP, length 6
..........U............
23:56:04.376893 IP (tos 0x0, ttl 47, id 1380, offset 0, flags [none], proto UDP (17), length 34)
    hn.kd.ny.adsl.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U3............
23:56:27.683935 IP (tos 0x0, ttl 47, id 1597, offset 0, flags [none], proto UDP (17), length 34)
    cncln.online.ln.cn.48620 > myhost.mydomain.tld.11789: UDP, length 6
..'... ..U.............
23:56:36.402701 IP (tos 0x0, ttl 45, id 49199, offset 0, flags [none], proto UDP (17), length 90)
    cm164.epsilon255.maxonline.com.sg.61034 > myhost.mydomain.tld.11789: UDP, length 62
.F.|...Z.+...VQ...v..8.7.E;.RM..'..f.[...d.0?.....[.... .".F!.d^"]
23:56:39.493716 IP (tos 0x0, ttl 49, id 54603, offset 0, flags [none], proto UDP (17), length 34)
    197.231.244.123.broad.hld.ln.dynamic.163data.com.cn.53401 > myhost.mydomain.tld.11789: UDP, length 6
..;~.....U.............
23:56:52.046862 IP (tos 0x0, ttl 120, id 34139, offset 0, flags [none], proto UDP (17), length 50)
    mctnnbsa53w-156034039080.pppoe-dynamic.High-Speed.nb.bellaliant.net.60797 > myhost.mydomain.tld.11789: UDP, length 22
...3......96......yxZ...S.
23:56:54.983956 IP (tos 0x0, ttl 50, id 8137, offset 0, flags [none], proto UDP (17), length 34)
    244.75.244.123.broad.cy.ln.dynamic.163data.com.cn.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:56:58.408763 IP (tos 0x0, ttl 48, id 37061, offset 0, flags [none], proto UDP (17), length 34)
    102.26.137.122.adsl-pool.jlccptt.net.cn.62743 > myhost.mydomain.tld.11789: UDP, length 6
......W..U.............
23:57:09.626712 IP (tos 0x0, ttl 111, id 12117, offset 0, flags [none], proto UDP (17), length 34)
    61.133.208.246.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
23:57:31.328485 IP (tos 0x0, ttl 116, id 11796, offset 0, flags [none], proto UDP (17), length 34)
    218.159.13.219.1139 > myhost.mydomain.tld.11789: UDP, length 6
........t.V7..
.U............
23:57:36.299504 IP (tos 0x0, ttl 48, id 52837, offset 0, flags [none], proto UDP (17), length 34)
    113.2.218.167.40401 > myhost.mydomain.tld.11789: UDP, length 6
..}W.....U.............
23:58:00.215073 IP (tos 0x0, ttl 43, id 30055, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
...#..h....Q.\..`8..X~.
23:58:01.306035 IP (tos 0x0, ttl 43, id 30056, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
.......p%O../v.zt..+...
23:58:02.401891 IP (tos 0x0, ttl 43, id 30057, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..\i..EJh.....J.kI..$..
23:58:03.483354 IP (tos 0x0, ttl 43, id 30069, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......r.c1T....ge,..9..
23:58:04.592054 IP (tos 0x0, ttl 43, id 30073, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..!......].%Y.q..GH..F.
23:58:05.665004 IP (tos 0x0, ttl 43, id 30074, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
.......K..g2.H\.-{..D..
23:58:06.767281 IP (tos 0x0, ttl 43, id 30075, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..9...9.86Z...;...<.)..
23:58:07.853486 IP (tos 0x0, ttl 43, id 30077, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..]..... J?...t...;..H.
23:58:08.952717 IP (tos 0x0, ttl 43, id 30078, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..........9..a..Abq(U..
23:58:10.040285 IP (tos 0x0, ttl 43, id 30079, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..g-..E.q.4.j..((T.....
23:58:11.125483 IP (tos 0x0, ttl 43, id 30080, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......?..".....G..A..\.
23:58:12.228708 IP (tos 0x0, ttl 43, id 30081, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......D......9.....oP..
23:58:13.324468 IP (tos 0x0, ttl 43, id 30082, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
.........fR.>P/y.S.U...
23:58:14.411265 IP (tos 0x0, ttl 43, id 30088, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
.......xH...x.3p.D'....
23:58:15.499945 IP (tos 0x0, ttl 43, id 30089, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
.......u.e./#..._...E..
23:58:16.589521 IP (tos 0x0, ttl 43, id 30094, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
...........0.Zz(}..h.^.
23:58:17.678327 IP (tos 0x0, ttl 43, id 30095, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......\..j4|....[j..&v.
23:58:18.779875 IP (tos 0x0, ttl 43, id 30104, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..jk...\g.....Y...:....
23:58:19.866848 IP (tos 0x0, ttl 43, id 30108, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
..Z.....Z....\.....j.6.
23:58:20.956533 IP (tos 0x0, ttl 43, id 30126, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......W...E...P;.%...,.
23:58:22.056389 IP (tos 0x0, ttl 43, id 30129, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
............8..%D..$.n.
23:58:23.143054 IP (tos 0x0, ttl 43, id 30131, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......Q........F.d.^...
23:58:24.228646 IP (tos 0x0, ttl 43, id 30132, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......,.......%.)_.....
23:58:25.323914 IP (tos 0x0, ttl 43, id 30133, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
........1.E.)=2.'....D.
23:58:26.421526 IP (tos 0x0, ttl 43, id 30134, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......Vpk...p...Ur..P..
23:58:27.511388 IP (tos 0x0, ttl 43, id 30135, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......%....p.......EC..
23:58:28.607053 IP (tos 0x0, ttl 43, id 30138, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
...}..*...L..vT...:bU..
23:58:29.303196 IP (tos 0x0, ttl 49, id 19863, offset 0, flags [none], proto UDP (17), length 34)
    123.166.16.96.40401 > myhost.mydomain.tld.11789: UDP, length 6
..<......U.............
23:58:29.303433 IP (tos 0x0, ttl 49, id 19864, offset 0, flags [none], proto UDP (17), length 34)
    123.166.16.96.40401 > myhost.mydomain.tld.11789: UDP, length 6
........U3.............
23:58:29.688099 IP (tos 0x0, ttl 43, id 30140, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20633 > myhost.mydomain.tld.11789: UDP, length 18
......../v...0qh...`...
23:58:29.856612 IP (tos 0x0, ttl 49, id 19828, offset 0, flags [none], proto UDP (17), length 34)
    222.87.69.16.40401 > myhost.mydomain.tld.11789: UDP, length 6
..u...3..U.............
23:58:30.788290 IP (tos 0x0, ttl 43, id 30143, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
.......OPP......b......
23:58:31.877149 IP (tos 0x0, ttl 43, id 30144, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
.......K..T...yK.....".
23:58:32.976189 IP (tos 0x0, ttl 43, id 30145, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
..?...qpt....&.E.}.~.B.
23:58:34.054169 IP (tos 0x0, ttl 43, id 30146, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
..I.....$W.............
23:58:35.153444 IP (tos 0x0, ttl 43, id 30152, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
...k...1+5y...b...!..T.
23:58:36.249729 IP (tos 0x0, ttl 43, id 30154, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
...b..dJ...&;..X..F.ww.
23:58:37.334107 IP (tos 0x0, ttl 43, id 30157, offset 0, flags [none], proto UDP (17), length 46)
    112.2.255.230.20935 > myhost.mydomain.tld.11789: UDP, length 18
......EK.....Yl........
23:58:38.824166 IP (tos 0x0, ttl 111, id 28452, offset 0, flags [none], proto UDP (17), length 34)
    121.29.13.196.53214 > myhost.mydomain.tld.11789: UDP, length 6
.._).....U3............
23:59:13.741822 IP (tos 0x0, ttl 48, id 11369, offset 0, flags [none], proto UDP (17), length 34)
    119.60.162.28.25527 > myhost.mydomain.tld.11789: UDP, length 6
......#..U.............
23:59:17.225965 IP (tos 0x0, ttl 44, id 11477, offset 0, flags [none], proto UDP (17), length 34)
    112.0.216.161.49307 > myhost.mydomain.tld.11789: UDP, length 6
......R..U.............
23:59:30.998423 IP (tos 0x0, ttl 50, id 33915, offset 0, flags [none], proto UDP (17), length 34)
    124.118.241.6.40401 > myhost.mydomain.tld.11789: UDP, length 6
.........U.............
^C
101 packets captured
101 packets received by filter
0 packets dropped by kernel
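
The following is an added example, not part of the thread and not any poster's code: a Python triage script that parses `tcpdump -v` output in the format posted above and summarizes payload sizes, top senders and source ports shared by several hosts. The sample capture is constructed with documentation addresses, and the names `parse`, `summarize` and `Pkt` are chosen here.

```python
import re
from collections import Counter, defaultdict, namedtuple

Pkt = namedtuple("Pkt", "ts ttl ip_len src sport dport udp_len")

# First line of a `tcpdump -v` record: timestamp plus IP header fields.
HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP \(.*\bttl (\d+),.*\blength (\d+)\)$")
# Second line: "src.port > dst.port: UDP, length N". The greedy host group makes
# the port the last dotted field, so resolved hostnames parse like raw IPs.
FLOW = re.compile(r"^\s+(\S+)\.(\d+) > \S+\.(\d+): UDP, length (\d+)$")

def parse(text):
    """Return one Pkt per header/flow line pair; -A payload lines are skipped."""
    pkts, pending = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            pending = h
            continue
        f = FLOW.match(line)
        if f and pending:
            pkts.append(Pkt(pending[1], int(pending[2]), int(pending[3]),
                            f[1], int(f[2]), int(f[3]), int(f[4])))
        pending = None
    return pkts

def summarize(pkts, dport):
    """Aggregate the packets aimed at one destination port."""
    hits = [p for p in pkts if p.dport == dport]
    hosts_by_sport = defaultdict(set)
    for p in hits:
        hosts_by_sport[p.sport].add(p.src)
    return {
        "packets": len(hits),
        "sources": len({p.src for p in hits}),
        "udp_len": Counter(p.udp_len for p in hits),
        # A source port reused by several distinct hosts suggests software
        # that binds a fixed local port instead of an ephemeral one.
        "shared_sports": {sp: len(h) for sp, h in hosts_by_sport.items() if len(h) > 1},
        # IPv4 header without options (20) + UDP header (8) = 28 bytes.
        "odd_overhead": [p for p in hits if p.ip_len - p.udp_len != 28],
        "top_talkers": Counter(p.src for p in hits).most_common(3),
    }

# Constructed sample in the thread's output format (documentation addresses).
SAMPLE = """\
23:49:18.278105 IP (tos 0x0, ttl 49, id 13520, offset 0, flags [none], proto UDP (17), length 34)
    192.0.2.10.52930 > myhost.mydomain.tld.11789: UDP, length 6
..b...B..U.............
23:49:30.932203 IP (tos 0x0, ttl 114, id 43979, offset 0, flags [none], proto UDP (17), length 34)
    198.51.100.7.40401 > myhost.mydomain.tld.11789: UDP, length 6
23:49:55.616911 IP (tos 0x0, ttl 50, id 16612, offset 0, flags [none], proto UDP (17), length 34)
    203.0.113.21.40401 > myhost.mydomain.tld.11789: UDP, length 6
23:50:26.597928 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto UDP (17), length 34)
    dsl-1.example.net.64684 > myhost.mydomain.tld.11789: UDP, length 6
23:54:34.933837 IP (tos 0x0, ttl 114, id 44362, offset 0, flags [none], proto UDP (17), length 34)
    198.51.100.7.40401 > myhost.mydomain.tld.11789: UDP, length 6
23:58:00.215073 IP (tos 0x0, ttl 43, id 30055, offset 0, flags [none], proto UDP (17), length 46)
    203.0.113.99.20633 > myhost.mydomain.tld.11789: UDP, length 18
23:58:01.306035 IP (tos 0x0, ttl 43, id 30056, offset 0, flags [none], proto UDP (17), length 46)
    203.0.113.99.20633 > myhost.mydomain.tld.11789: UDP, length 18
"""

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE), 11789).items():
        print(f"{key}: {value}")
```

To run it on a real capture, save the `tcpdump -v` output to a file and pass its contents to `parse` in place of `SAMPLE`.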
 