<div>
Port 1823 is registered to Unisys License Manager. &nbsp;It sounds like an unconfigured application on your server is sending the packet.
</div>


Port 1823 is registered to Unisys License Manager.  It sounds like an unconfigured application on your server is sending the packet.

<div>
try running fport on the suspect host...it will tell you what programs are bound to what ports...<br />
<br />
<a href="http://www.foundstone.com/rdlabs/tools.php?category=Forensic" rel="ugc">http://www.foundstone.com/rdlabs/tools.php?category=Forensic</a><br />
<br />
if the attempted connection is at (what appears to be) the upper port range, you may have to poll at periodic intervals to trap the application.<br />
<br />
if it's static from the source port, then it should pull up on the first run.
</div>


try running fport on the suspect host...it will tell you what programs are bound to what ports...

http://www.foundstone.com/rdlabs/tools.php?category=Forensic [http://www.foundstone.com/rdlabs/tools.php?category=Forensic]

if the attempted connection is at (what appears to be) the upper port range, you may have to poll at periodic intervals to trap the application.

if it's static from the source port, then it should pull up on the first run.

<div>
It appears to have been something to do with Backup Exec 8.6. &nbsp;I found this by going through the services one by one stoping them. &nbsp;Thanks for the pointer to fport Droby10.<br />
<br />
Thanks.. Bill<br />

</div>


It appears to have been something to do with Backup Exec 8.6.  I found this by going through the services one by one stoping them.  Thanks for the pointer to fport Droby10.

Thanks.. Bill


<div>
<div class="content wysiwyg-content">
Hi, on my firewall logs I see this particular server is generating this packet every 3-4 minutes. &nbsp;How can I find out what process is generating the packet and what it is?<br />
<br />
C:\&gt;NETSTAT<br />
<br />
Active Connections<br />
<br />
&nbsp; Proto &nbsp;Local Address &nbsp;Foreign Address &nbsp;State<br />
&nbsp; TCP &nbsp; &nbsp;ntserver:3673 &nbsp;1.0.0.1:1823 &nbsp; &nbsp; SYN_SENT<br />
<br />
Note that I have never used subnet 1.0.0.1 and can't find port 1823 referenced on any of the 'well known port' lists.<br />

</div>
</div>


Hi, on my firewall logs I see this particular server is generating this packet every 3-4 minutes.  How can I find out what process is generating the packet and what it is?

C:\>NETSTAT

Active Connections

  Proto  Local Address  Foreign Address  State
  TCP    ntserver:3673  1.0.0.1:1823     SYN_SENT

Note that I have never used subnet 1.0.0.1 and can't find port 1823 referenced on any of the 'well known port' lists.


Packet to 1.0.0.1:1823 ??

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Network Analysis

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.