In my Wireshark pcap file, for the first time in the last few months, I saw that there is a transfer of a lot of data over TCP ports 60000, 60002, 60004, 60008. One side's IP address belongs to otx.alienvault.com. But as per this and this website, port 60000 is used by trojans/backdoors/Deep Throat etc. I am unable to trace the application using this port.
3295 2021-09-02 06:50:19.696773242 99.XX.XX.XX 100.XX.XX.XXX TCP 74 443 → 60000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440 SACK_PERM=1 TSval=143274654 TSecr=613246749 WS=512
On this link, one person suggests "Track down what machines are listening or using those ports and map those connections/ports back to their process ID." But I don't know how.
3391 2021-09-02 06:50:19.817344087 99.XX.XX.XX 100.XX.XX.XXX TLSv1.3 1494 Application Data [TCP segment of a reassembled PDU]
These were different ports: 60000, 60002, 60004, 60008. I am a complete layman. Please help me.
The MAC addresses shown are not the MAC address of my laptop. These are MAC addresses of some devices in the network.
Ethernet II, Src: XX:XX:XX:XX:38:8e (XX:XX:XX:XX:38:8e), Dst: XX:XX:XX:XX:09:a9 (XX:XX:XX:XX:09:a9)
0 Answers
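An added example, not part of the original post: one way to carry out the quoted advice is to read the handshake line from the capture to see which side opened the connection, then look up the owner of that local port in `ss -tnp` output on Linux. The capture line is the one from the question; the `ss` output, its addresses, PID and process name are constructed, and the function names are hypothetical.

```python
import re

# Summary line copied from the capture in the question (addresses redacted there).
CAPTURE_LINE = ("3295 2021-09-02 06:50:19.696773242 99.XX.XX.XX 100.XX.XX.XXX TCP 74 "
                "443 → 60000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440")

# Constructed `ss -tnp` output (Linux); addresses, PID and process name are made up.
SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0      0      192.0.2.10:60000   198.51.100.7:443  users:(("example-app",pid=2314,fd=87))
ESTAB 0      0      192.0.2.10:22      192.0.2.99:51514  users:(("sshd",pid=801,fd=4))
"""

SUMMARY_RE = re.compile(
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?P<sport>\d+)\s+(?:→|->)\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]")

def handshake_roles(line):
    """Return (client, server) as (ip, port) pairs from a SYN or SYN,ACK summary line."""
    m = SUMMARY_RE.search(line)
    if not m:
        return None
    flags = {f.strip() for f in m["flags"].split(",")}
    src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
    if flags == {"SYN"}:          # first packet: the sender opened the connection
        return src, dst
    if flags == {"SYN", "ACK"}:   # reply: the sender is the listening service
        return dst, src
    return None                   # other packets do not identify the initiator

def is_dynamic_port(port):
    """IANA dynamic/private range, commonly used for client-side source ports."""
    return 49152 <= port <= 65535

def owner_of_local_port(ss_text, port):
    """Find (process, pid) owning a local TCP port in `ss -tnp` output."""
    for row in ss_text.splitlines()[1:]:
        cols = row.split()
        if len(cols) >= 6 and cols[3].rsplit(":", 1)[-1] == str(port):
            m = re.search(r'\("([^"]+)",pid=(\d+)', cols[5])
            if m:
                return m[1], int(m[2])
    return None

if __name__ == "__main__":
    client, server = handshake_roles(CAPTURE_LINE)
    print("client:", client, "dynamic port:", is_dynamic_port(client[1]))
    print("server:", server)
    print("owner:", owner_of_local_port(SS_OUTPUT, 60000))
```

The process lookup only works on the host that holds the client-side address, and `ss -tnp` shows process details for other users' sockets only when run as root.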