What is Port 1828 / ITM-MCELL-U

Posted on 2005-04-06
Medium Priority
Last Modified: 2008-01-09
Can anyone tell me what Port 1828 / ITM-MCELL-U is used for?  An internet search tells me that Port 1828 = ITM-MCELL-U, but not what uses it.

I've seen traffic on this port on the LAN / Internet but cannot identify it.

Thanks in advance.
Question by:absolutenetworks
LVL 13

Assisted Solution

gpriceee earned 150 total points
ID: 13716297
IP Authentication using Keyed MD5

Accepted Solution

fixnix earned 225 total points
ID: 13716669
Although there are standards for what runs on what port, they are not definitive answers.  Almost any server/daemon can be configured to listen on any port for any purpose.  Also, source and destination ports are typically different, but I'll assume you know that and are certain your port 1828 traffic is the destination port.

Depending on your network environment, whether you have physical/remote access to the machine generating the packets destined for 1828 or whether you are only able to sniff out those packets from elsewhere on the network, you could look up the IP address that is being connected to to get some hints.  Example:  if it is a typical Windows workstation (non-techy user that insists on using IE to browse during breaks) that has these unidentified connections, and the IP it is connecting to resolves to something.blah.blah.ru and you have no reason to be connecting to a site in Russia, there is a near-certain chance it is some spyware app that has infected the machine in question and it could be sending anything from URLs visited, keystrokes and screenshots, or company files/directories to this malicious overseas computer, in which case you should immediately block traffic to that IP at the firewall then take appropriate measures to scan/disinfect the misbehaving workstation.

If you have no access to the workstation in question and can't determine if the traffic is legit after sniffing the packets (like if it is a TLS connection or otherwise encrypted), you may have no choice but to block that traffic at the firewall then wait for a phone call from someone complaining about <application X> being broken.

I'm paranoid...if I see traffic I can't identify, my first reaction is to determine if it is malicious.  Hopefully it's not, but (IMO) it's better to check it out and be safe than sorry.
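
An added example (not part of the original answer) of the triage described above: given sniffed packets, confirm that 1828 really is the service-side port and list which LAN host is talking to which peer, with byte totals. The capture lines are constructed in `tcpdump -nn -q` style, the LAN range is an assumption, and treating the lower-numbered port as the service side is a heuristic.

```python
import ipaddress
import re
from collections import defaultdict

PORT = 1828                                    # port from the question
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range

# Constructed sample in `tcpdump -nn -q` style; not from the original thread.
SAMPLE = """\
10:00:01.000001 IP 192.168.1.23.49152 > 203.0.113.45.1828: tcp 1448
10:00:01.000450 IP 192.168.1.23.49152 > 203.0.113.45.1828: tcp 1448
10:00:01.002000 IP 203.0.113.45.1828 > 192.168.1.23.49152: tcp 0
10:00:02.100000 IP 192.168.1.40.1828 > 198.51.100.7.443: tcp 517
10:00:03.000000 IP 192.168.1.57.50111 > 192.168.1.10.1828: UDP, length 96
"""

LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:tcp (?P<tlen>\d+)|UDP, length (?P<ulen>\d+))"
)

def triage(capture, port=PORT, lan=LAN):
    """Return (client, server, bytes, scope) per conversation whose service port is `port`."""
    totals = defaultdict(int)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        # Heuristic: the lower port is the service side. This skips packets
        # where 1828 is only a client's ephemeral source port.
        if min(sport, dport) != port:
            continue
        if dport == port:
            client, server = m["src"], m["dst"]
        else:                                   # reply coming back from the service
            client, server = m["dst"], m["src"]
        totals[(client, server)] += int(m["tlen"] or m["ulen"])
    rows = []
    for (client, server), size in totals.items():
        scope = "internal" if ipaddress.ip_address(server) in lan else "external"
        rows.append((client, server, size, scope))
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for client, server, size, scope in triage(SAMPLE):
        print(f"{client} -> {server}:{PORT}  {size} bytes  ({scope} peer)")
```

External peers in the result are the ones to look up and, if unexplained, block at the firewall as the answer suggests.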

Author Comment

ID: 13724594
Thanks guys.  The traffic was on the LAN of a hopefully-to-be-customer, was a burst taking most of the 256k outgoing bandwidth of the broadband connection which is why I was interested.  [We were trying out an Allot NetEnforcer].  Because it isn't my LAN and we have no contractual responsibility for maintaining it I can't take it any further - much as I'd like to.  There may be manufacturing equipment on the LAN too (hence the port name?).  If it is IP Authentication then I don't understand why it should be taking up such a large part of the bandwidth.

LVL 13

Expert Comment

ID: 13729112
I've seen some poorly-written applications hosted on cluster servers behind single, slow proxies.  Sometimes, each dialog box on a single page points to a different server in the cluster--with the single proxy re-authenticating HTTPS hundreds of thousands of times.  It can be a killer.
LVL 13

Expert Comment

ID: 13852694
Hi.  Do you have any other questions?

Author Comment

ID: 13916416
Thanks for the input - no further questions because as noted above I have no responsibility for the network in question.  Would still have liked to know what the protocol actually was, but all attempts to trace it lead nowhere - or rather round in circles.


Question has a verified solution.
