Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Network Traffic using DHCP IP on Port 7 and Port 80

Status
Not open for further replies.
mstewarth2opolo

mstewarth2opolo

IS-IT--Management
Jan 6, 2005
2
US
I work for a company that supports high speed internet in hotels, and we see traffic being generated on our network that is being sent to the DHCP IP address, and using TCP port 7, and TCP port 80. I have attached a screen shot of the traffic. IP 172.27.172.24 is the IP for the Guest, and IP 172.27.172.2 is the IP of our DHCP server. Does anyone know what this traffic is?

(106) 172.27.172.24/3110 <-> 12.170.115.66/5034 ---> 172.27.172.2/7 TCP MAPPED to=193

(107) 172.27.172.24/3111 <-> 12.170.115.66/5039 ---> 172.27.172.2/80 TCP MAPPED to=193

(108) 172.27.172.24/3113 <-> 12.170.115.66/5040 ---> 172.27.172.2/7 TCP MAPPED to=173

(109) 172.27.172.24/3114 <-> 12.170.115.66/5041 ---> 172.27.172.2/80 TCP MAPPED to=173

(110) 172.27.172.24/3116 <-> 12.170.115.66/5042 ---> 172.27.172.2/7 TCP MAPPED to=153

(111) 172.27.172.24/3117 <-> 12.170.115.66/5043 ---> 172.27.172.2/80 TCP MAPPED to=153

(112) 172.27.172.24/3118 <-> 12.170.115.66/5069 ---> 172.27.172.2/7 TCP MAPPED to=133

(113) 172.27.172.24/3119 <-> 12.170.115.66/5111 ---> 172.27.172.2/80 TCP MAPPED to=133

(114) 172.27.172.24/3121 <-> 12.170.115.66/5112 ---> 172.27.172.2/7 TCP MAPPED to=113

(115) 172.27.172.24/3122 <-> 12.170.115.66/5113 ---> 172.27.172.2/80 TCP MAPPED to=113

(116) 172.27.172.24/3124 <-> 12.170.115.66/5044 ---> 172.27.172.2/7 TCP MAPPED to=93

(117) 172.27.172.24/3125 <-> 12.170.115.66/5045 ---> 172.27.172.2/80 TCP MAPPED to=93

(118) 172.27.172.24/3126 <-> 12.170.115.66/5048 ---> 172.27.172.2/7 TCP MAPPED to=73

(119) 172.27.172.24/3127 <-> 12.170.115.66/5049 ---> 172.27.172.2/80 TCP MAPPED to=73

(120) 172.27.172.24/3129 <-> 12.170.115.66/5050 ---> 172.27.172.2/7 TCP MAPPED to=53

(121) 172.27.172.24/3130 <-> 12.170.115.66/5051 ---> 172.27.172.2/80 TCP MAPPED to=53

(122) 172.27.172.24/3132 <-> 12.170.115.66/5070 ---> 172.27.172.2/7 TCP MAPPED to=33

(123) 172.27.172.24/3133 <-> 12.170.115.66/5072 ---> 172.27.172.2/80 TCP MAPPED to=33

(124) 172.27.172.24/3134 <-> 12.170.115.66/5073 ---> 172.27.172.2/7 TCP MAPPED to=13

(125) 172.27.172.24/3135 <-> 12.170.115.66/5074 ---> 172.27.172.2/80 TCP MAPPED to=13
 
Sort by date Sort by votes
I know that TCP port 7 is used for Echo, and port 80 is HTTP. The question I wanted to know is what application or service runs that causes a system to try and access the DHCP server on port 7 and 80 simultaneously.
 
Upvote 0 Downvote
Could be a guest "just looking" or it could be a guest with a virus. I have a hotel client, looks like its the same organization btw, been having a heck of a time with infected guests hammering the router. Add in those that are running P2P apps like eDOnkey and Winmx without throttling back and its tough to maintain.

---p
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CryptoTuke
  • Locked
  • Question
Maximum buffer size on Winsock for sending one block of data over TCP / IP
Replies
1
Views
827
maybeimaleo
maybeimaleo
Caps007
  • Locked
  • Question
Port Mirroring
Replies
1
Views
654
ADB100
ADB100
Tony D
  • Locked
  • Question
NAT Port Forwarding
Replies
0
Views
543
Tony D
Tony D
jmarkus
  • Locked
  • Question
Can I have a different private IP address which isn't on my router's subnet?
Replies
6
Views
692
sbcsu
sbcsu
Demon Monkey
  • Locked
  • Question
Whitelisting varying IP address?
Replies
2
Views
609
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top