
UDP Port 889 Broadcast (ip.ttl "Time to Live" only 1)

asked 2020-03-06 16:12:10 +0000

Chuckc

I found packets like this on my home LAN.
A Google search "udp port 889 broadcast" turns up two good leads, one being the old Wireshark Q&A site.

https://osqa-ask.wireshark.org/questi...

The other site
https://forum.netgate.com/topic/11296...

has a good answer (if you scroll down far enough) but I thought in the spirit of DenverCoder9 it would be good to add a pcap, some screen shots of the diagnosis and notes.


1 Answer


answered 2020-03-06 16:21:17 +0000

Chuckc

pcap showing broadcast about every 12 seconds
https://drive.google.com/file/d/1TeAt...
The data is anonymized. Mainly contains 0's.

Sysinternals Process Monitor running on source machine (screenshot)

Options -> Show Resolved Network Addresses
Filter: Path Contains 889
Show Network Activity

Sysinternals TCPView - it happens to be listening on the same port (screenshot)

Since it's listening you could also find it with netstat -anbp UDP


Comments

I use cFos and have the same traffic. Thanks for the pcap, because I was searching for info on 889. Yesterday, I found it connects to a provider in Germany in the pfSense logs, so I want to add it to the post: 144.76.59.84, Data Center/Web Hosting/Transit, hetzner.de, Germany, cfos.de.

kiowa (2021-02-18 15:18:40 +0000)
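
A PowerShell counterpart to the netstat lookup in the answer above, as an added example that is not part of the original posts: it resolves whatever process is bound to a local UDP port (889 by default, the port from the question) to its executable, hosted services and code signer. The `$Port` parameter and the output field names are choices made for this example.

```powershell
# Added example: map a local UDP port to the process that owns it.
# Run on the machine that sources the broadcasts. An elevated prompt is
# recommended, otherwise Path can be empty for processes of other users.
param([uint16]$Port = 889)   # 889 is the port from the question

$endpoints = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
if (-not $endpoints) {
    # Nothing is bound to this port at the moment. The sender may use a
    # different source port, so check udp.srcport in the capture as well.
    Write-Warning "No UDP endpoint is bound to local port $Port."
    return
}

$endpoints | ForEach-Object {
    $ep     = $_
    $filter = "ProcessId = $($ep.OwningProcess)"

    # Win32_Process gives the image path; it is $null if the process has exited.
    $proc = Get-CimInstance Win32_Process -Filter $filter -ErrorAction SilentlyContinue

    # If the owner is a shared host such as svchost.exe, list the services in it.
    $services = (Get-CimInstance Win32_Service -Filter $filter).Name -join ', '

    # A signature check helps decide whether the binary is what it claims to be.
    $sig = if ($proc.ExecutablePath) {
        Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
    }

    [pscustomobject]@{
        LocalAddress    = $ep.LocalAddress
        LocalPort       = $ep.LocalPort
        ProcessId       = $ep.OwningProcess
        Name            = $proc.Name
        Path            = $proc.ExecutablePath
        Services        = $services
        Signer          = $sig.SignerCertificate.Subject
        SignatureStatus = $sig.Status
    }
} | Format-List
```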


Stats

Asked: 2020-03-06 16:12:10 +0000

Seen: 655 times

Last updated: Feb 18