>> >> My firewall is blocking periodic outbound connections to port 3680 on
>> >> a Rackspace IP. How can I find out more about what's going on? Maybe
>> >> which program is generating the connection requests?
>> >
>> > Uh, a packet sniffer?
>> >
>> > I have an old laptop here that I have a second (cardbus) network card in.
>> > Really cheap and cheerful - the sort of thing you can pick up on
>> > freecycle. It's been a while since I've done anything like this, but you
>> > should be able to stick a box like that between the router and the rest
>> > of your network, run Wireshark and filter on that port. If the
>> > connection is encrypted then at least you'll see the originating IP.
>>
>> I've actually got the originating local IP from the shorewall log.
>> I'm just trying to figure out which program and maybe which user on
>> that system is generating the outbound requests to port 3680. Is
>> there any way to get more info without setting up a new box?
>>
>> > I don't think it's relevant that the IP belongs to Rackspace - don't they
>> > just hire (virtual) servers to anyone that wants one?
>>
>> Yeah I just meant the request could be going to "anyone".
>>
>> - Grant
>
> Are you running NPDS in your LAN and is it configured to access any sites on
> rackspace?
> --
> Regards,
> Mick

I am not running NPDS. I looked it up when I was researching port 3680
and read about it for the first time. I know which machine is making
the requests. Any way to drill down further?

- Grant
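
One way to tie the attempts to port 3680 to a program and user on the originating machine, added here as an example that is not part of the original messages. It assumes that machine runs Linux with /proc mounted on a little-endian CPU and covers IPv4 only; the sample table and the function names are constructed for illustration.

```python
import glob, os, socket, struct, time

PORT = 3680  # destination port from the firewall log in the thread

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# a local listener, and a SYN_SENT socket to 203.0.113.10:3680 owned by uid 1000.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0501A8C0:D431 0A7100CB:0E60 02 00000001:00000000 01:00000064 00000000  1000        0 22222 2
"""

def decode(field):
    """'0A7100CB:0E60' -> ('203.0.113.10', 3680); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def sockets_to_port(table, port=PORT):
    """Return IPv4 TCP sockets in a /proc/net/tcp dump whose remote port matches."""
    hits = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10 and decode(f[2])[1] == port:
            hits.append({"local": decode(f[1]), "remote": decode(f[2]),
                         "state": f[3], "uid": int(f[7]), "inode": f[9]})
    return hits

def pids_for_inode(inode):
    """Find processes holding the socket; needs root to see other users' fds."""
    target, pids = f"socket:[{inode}]", set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:                           # process exited or access denied
            continue
    return sorted(pids)

if __name__ == "__main__":
    # A blocked attempt may stay in SYN_SENT (state 02) only briefly, so poll.
    seen = set()
    while True:
        with open("/proc/net/tcp") as fh:
            for s in sockets_to_port(fh.read()):
                if s["inode"] not in seen:
                    seen.add(s["inode"])
                    print(s, "pids:", pids_for_inode(s["inode"]))
        time.sleep(0.2)
```

The uid column alone identifies the owning user even when the fd scan cannot see the process; running as root is what lets the inode be matched to a PID.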