Ports 1026-1030 - What for?

[pkSML]

Hello.

I have Linksys' Logviewer that keeps track of all outgoing and incoming traffic to the router. I consistently receive requests for ports 1026, 1027, and other ports near that range. I have Googled for an explanation of these ports, but can't find a satisfactory one.

These requests make up most in the list of incoming activity and occur within every five minutes it seems. Oddly enough, dnsstuff.com reports these requests coming from IP addresses in China.

Has anyone else seen this occurring?
Do you have an explanation of why it happens? (I'm assuming it's for some type of vulnerability check by hackers.)

Thanks in advance.
_________________
Stephen
Need a LitlURL?

http://CodeBin.yi.org

[cmxflash]

This is what my portscanner says:

[pkSML]

Thanks cmxflash. I'm finding more information about this!

Is there any way to monitor what packets are being delivered to these ports? In other words, can anyone tell me of some freeware that will capture packets on a specific port? I'd like to see the contents of these packets.
_________________
Stephen
Need a LitlURL?

http://CodeBin.yi.org

[cmxflash]

Ethereal is a good program for sniffing traffic. Link.

[pkSML]

Awesome program, cmxflash!

I found the results I was looking for. I have successfully captured some traffic from ports 1026 and 1027.

Ethereal Results --> Port 1026 ~ Port 1027 (Note: These .cap files are openable with Ethereal to get all the gory details, but you can still see the contents in notepad.)

PortPeeker Results: --> Port 1026 ~ Port 1027
_________________
Stephen
Need a LitlURL?

http://CodeBin.yi.org

[cmxflash]

Looks like traffic from the old messenger service in Windows. This service is disabled by default in SP2.

This traffic was used to send annoying messages containing ads that tell you to download a program from a website (most likly spyware/malware).

This is what the packages contains:


Do not download anything from the URLs listed below