Customer login  |   Contact us
Home Company Products Support Purchase
Forum Home » Network Probe

Topic: UDP Port -1 ?
Replies: 2   Pages: 1   Last Post: May 4, 2007 11:16 AM by: bjorn


Back to Topic List Back to Topic List
Replies: 2   Pages: 1  
Mark Sorensen

Posts: 1
From: California, US
Registered: Feb 10, 2007
UDP Port -1 ?
Posted: Feb 10, 2007 12:20 AM
  Reply

I have the following appearing as one of the top 5 protocols:

Name...................Port..........Description
Ether.IP.UDP.Unknown...1.2048.17.-1..Unknown

Being a typical human, I desire to know the unknown

What is it?

Judging by packet captures, the packets being counted as "-1" is a compilation of a wide variety of different UDP ports...


Message was edited by: Mark Sorensen


gus_ivan

Posts: 1
From: UT
Registered: May 2, 2007
Re: UDP Port -1 ?
Posted: May 2, 2007 11:35 PM
  Reply

I have a similar smattering of these as well but they come in the form ether.IP.UDP.unknown ...1.2048.17.?

I see these packets all over the place and generally associated with external addresses. I'm concerned simply because i see many external sources associated with this coming inbound. I've noted that in some cases this is a long list of potential udp ports, but the ? mark in the protocol port reall throws me. Running version 2.1.1

bjorn

Posts: 13
From: Oslo, Norway
Registered: Jun 14, 2002
Re: UDP Port -1 ?
Posted: May 4, 2007 11:16 AM
  Reply

Hi,

These are protocol ports not listed in the file of known TCP ports from IANA. All ports not listed will be grouped into a .?/unknown port. The reason why these are grouped is to avoid tens of thousands of port numbers to store, swamping the memory of the probe.

Usually, when you seen many of these .? ports it is either filesharing, Skype, or other VoIP protocols. They use random ports.

Bjorn J. Kvande
ObjectPlanet, inc.



© 1998-2019 ObjectPlanet, Inc. Øvre Slottsgate 5, 0157 Oslo, Norway Tel (+47) 2233 3360 | Fax (+47) 2233 3361