Ask Your Question
0

Why Src My Computer Accessing An Apple IP Address Dst. When I Did Not Search This Out?

asked 2022-07-24 21:06:00 +0000

Vtechie gravatar image

updated 2022-07-25 09:15:16 +0000

Guy Harris gravatar image

Why is my computer accessing a Apple IP Address when I did not even search for anything on or about this scanstat port. How would I find out more about this.

Thank you so very much

Vtechie

Frame 10027: 66 bytes on wire, 66 bytes captured on interface \Device\NPF_{}, id 0
Ethernet II, Src: Dell_ (), Dst: ASUSTekC_()
Internet Protocol Version 4, Src: 192.168.50.112 (192.168.50.112), Dst: 17.253.25.202 (17.253.25.202)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 52
    Identification: 0x0e7c (3708)
    Flags: 0x40, Don't fragment
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x0000 incorrect, should be 0xcd68(may be caused by "IP checksum offload"?)
        [Expert Info (Error/Checksum): Bad checksum [should be 0xcd68]]
    [Header checksum status: Bad]
    [Calculated Checksum: 0xcd68]
    Source Address: 192.168.50.112 (192.168.50.112)
    <Source or Destination Address: 192.168.50.112 (192.168.50.112)>
    <[Source Host: 192.168.50.112]>
    <[Source or Destination Host: 192.168.50.112]>
    Destination Address: 17.253.25.202 (17.253.25.202)
    <Source or Destination Address: 17.253.25.202 (17.253.25.202)>
    <[Destination Host: 17.253.25.202]>
    <[Source or Destination Host: 17.253.25.202]>
Transmission Control Protocol, Src Port: scanstat-1 (1215), Dst Port: http (80), Seq: 0, Len: 0
    Source Port: scanstat-1 (1215)
    Destination Port: http (80)
    <Source or Destination Port: scanstat-1 (1215)>
    <Source or Destination Port: http (80)>
    [Stream index: 103]
    [Conversation completeness: Incomplete, DATA (15)]
    [TCP Segment Len: 0]
    Sequence Number: 0    (relative sequence number)
    Sequence Number (raw): 2632828988
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 0
    Acknowledgment number (raw): 0
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port80]
                [Connection establish request (SYN): server port 80]
                <Message: Connection establish request (SYN): server port 80>
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window: 64240
    [Calculated window size: 64240]
    Checksum: 0x1f06 incorrect, should be 0xeb06(maybe caused by "TCP checksum offload"?)
        [Expert Info (Error/Checksum): Bad checksum [should be 0xeb06]]
            [Bad checksum [should be 0xeb06]]
            <Message: Bad checksum [should be 0xeb06]>
            [Severity level: Error]
            [Group: Checksum]
    [Checksum Status: Bad]
    [Calculated Checksum: 0xeb06]
    Urgent Pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
        TCP Option - Maximum segment size: 1460 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - Window scale: 8 (multiply by 256)
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
    [Timestamps]
        [Time since first frame in this TCP stream ...
(more)
edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2022-07-25 09:35:55 +0000

Guy Harris gravatar image

Why is my computer accessing a Apple IP Address when I did not even search for anything on or about this scanstat port.

Not all traffic from a machine comes from something you did. It could be software you installed - for example, do you have iTunes-for-Windows installed on your machine?

How would I find out more about this.

1) Do a web search for "uschi5-vip-bx-002.aaplimg.com", which is the host name corresponding to that IP address. A similar host name showed up on this question on an Apple discussion board - one answer notes, based on a VentureBeat story, that it's part of a "content distribution network" (CDN) set up by Apple to allow them to pump out a lot of data to multiple clients, and suggests that "Besides SW updates I believe it's used for syncing iTunes & other things", and another answer asks "If it is iTunes could it be Apple Music streaming radio or iCloud?"

2) it's to port 80, so it's attempting non-TLS-encrypted HTTP; if it doesn't end up getting redirected to an https:// site, so that it switches to TLS, you may be able to look at the traffic to see what it is.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-07-24 21:06:00 +0000

Seen: 198 times

Last updated: Jul 25 '22