
Author Topic: Router Log Demystified  (Read 4517 times)

Lucid

  • Level 3 Member
  • ***
  • Posts: 139
Router Log Demystified
« on: November 21, 2008, 02:50:03 PM »

I rent rooms to students and allow them to utilize my internet, and I set up access policies to restrict usage. Once I started receiving the logs I became aware that I have no clue as to how to read TCP info:

[INFO] Fri Nov 21 02:58:27 2008 Blocked outgoing TCP packet from 192.168.0.196:53303 to 200.83.135.174:53091 as FIN:PSH:ACK received but there is no active connection   

and


[INFO] Fri Nov 21 02:27:23 2008 Blocked incoming TCP connection request from 99.254.221.19:62392 to 99.232.62.255:52635
[INFO] Fri Nov 21 02:25:55 2008 Blocked incoming TCP connection request from 99.254.221.19:62243 to 99.232.62.255:52635   
[INFO] Fri Nov 21 02:24:54 2008 Blocked incoming TCP connection request from 99.254.221.19:62146 to 99.232.62.255:52635   
[INFO] Fri Nov 21 02:22:58 2008 Blocked incoming UDP packet from 78.86.37.160:21328 to 99.232.62.255:50611   
[INFO] Fri Nov 21 02:22:44 2008 Blocked incoming TCP connection request from 99.254.221.19:61789 to 99.232.62.255:52635   
[INFO] Fri Nov 21 02:21:24 2008 Blocked incoming TCP connection request from 99.254.221.19:61579 to 99.232.62.255:52635   
[INFO] Fri Nov 21 02:16:54 2008 Blocked incoming TCP packet from 189.146.182.198:2199 to 99.232.62.255:52635 as RST:ACK received but there is no active connection   


If anyone knows of a good resource that neatly explains TCP please advise. I'd like to be able to discern what is relevant and what is not.

Cheers!

Lucid.

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Router Log Demystified
« Reply #1 on: November 21, 2008, 04:01:10 PM »

Lookup IP: http://www.arin.net/whois/ . Here you can check which firm has been assigned the range.
(no users named though  ;D )

About the ports in the log: I suspect it is a BitTorrent client using those ports. The Well Known Ports are those from 0 through 1023. The Registered Ports are those from 1024 through 49151 and both ranges are not to be used. The Dynamic and/or Private Ports are those from 49152 through 65535 and can be used freely. Also by trojans though.... :-\.
DIR-655 H/W: A2 FW: 1.33

war59312

  • Level 3 Member
  • ***
  • Posts: 123
    • Will's Blog
Re: Router Log Demystified
« Reply #2 on: November 21, 2008, 04:30:36 PM »

I would not worry about it.

That small of a number of blocked packets is probably just normal internet chatter. Random people on the net trying to hit your router.

Now if you're seeing that every few seconds then yeah, you need to check on it. But going by your time stamps it looks like it's nothing.

Anyhow, there is no way to know if those are BitTorrent packets or not. If you really want to know what is going on then run something like Wireshark.
« Last Edit: November 21, 2008, 04:32:41 PM by war59312 »
God Bless America
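
Added example, not part of the original thread or any D-Link tool: a small Python parser for the log lines quoted in the first post that groups blocked events by source and destination port and reports how far apart repeats are, which is the "every few seconds" check suggested above. The function names and the 5-second burst threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post of this thread.
SAMPLE_LOG = """\
[INFO] Fri Nov 21 02:58:27 2008 Blocked outgoing TCP packet from 192.168.0.196:53303 to 200.83.135.174:53091 as FIN:PSH:ACK received but there is no active connection
[INFO] Fri Nov 21 02:27:23 2008 Blocked incoming TCP connection request from 99.254.221.19:62392 to 99.232.62.255:52635
[INFO] Fri Nov 21 02:25:55 2008 Blocked incoming TCP connection request from 99.254.221.19:62243 to 99.232.62.255:52635
[INFO] Fri Nov 21 02:24:54 2008 Blocked incoming TCP connection request from 99.254.221.19:62146 to 99.232.62.255:52635
[INFO] Fri Nov 21 02:22:58 2008 Blocked incoming UDP packet from 78.86.37.160:21328 to 99.232.62.255:50611
[INFO] Fri Nov 21 02:22:44 2008 Blocked incoming TCP connection request from 99.254.221.19:61789 to 99.232.62.255:52635
[INFO] Fri Nov 21 02:21:24 2008 Blocked incoming TCP connection request from 99.254.221.19:61579 to 99.232.62.255:52635
[INFO] Fri Nov 21 02:16:54 2008 Blocked incoming TCP packet from 189.146.182.198:2199 to 99.232.62.255:52635 as RST:ACK received but there is no active connection
"""

# The leading "[" is optional because pasted logs sometimes lose it.
LINE_RE = re.compile(
    r"\[?INFO\]\s+(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\s+Blocked\s+"
    r"(?P<dir>incoming|outgoing)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<kind>connection request|packet)\s+from\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+to\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?:\s+as\s+(?P<flags>[A-Z:]+)\s+received)?"
)

def parse(text):
    """Return one dict per 'Blocked ...' line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            e = m.groupdict()  # flags is None for connection requests and UDP
            e["ts"] = datetime.strptime(e["ts"], "%a %b %d %H:%M:%S %Y")
            events.append(e)
    return events

def summarize(events, burst_seconds=5):
    """Group by (direction, source IP, destination IP, destination port)."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["dir"], e["src"], e["dst"], e["dport"])].append(e["ts"])
    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps),
                       "min_gap": min(gaps) if gaps else None,
                       "burst": any(g <= burst_seconds for g in gaps)}
    return report
```

On the lines from the first post, the repeated source 99.254.221.19 shows five blocked connection requests with at least 61 seconds between them, so it is not flagged as a burst.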

Lucid

  • Level 3 Member
  • ***
  • Posts: 139
Re: Router Log Demystified
« Reply #3 on: November 21, 2008, 09:40:09 PM »

I'll check it.