Anyone ever seen this one before: I shut down my
WinNT server today to see what TCP/IP traffic a Windows
machine makes at powerdown. That is, I was tcpdump'ing on
another LAN member. And I saw this:

03:29:14.553849 192.168.123.130.1853 > 209.73.225.9.80: R 804849242:804849242(0) win 0 (DF) (ttl 128, id 7442)
03:29:14.553965 192.168.123.130.1852 > 209.73.225.9.80: R 804738457:804738457(0) win 0 (DF) (ttl 128, id 7698)

I did a whois on 209.73.225.9 and it came up with
something from either "PFM Communications" or "Cydoor
Technologies" (they seem to have overlapping IP space).
I've just started poking around to learn more
about these, check for spy-ware reports, adding -vv to the
tcpdump...but I thought I'd ask to see if anyone here has
seen it before.
cheers,
Scott
PS: A Windows machine does spew some NetBIOS traffic to
the broadcast address at shutdown. :) Of course...when
*doesn't* it do that...
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user