[183468] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

udp 500 packets when users are web browsing

daemon@ATHENA.MIT.EDU (Robert Webb)
Thu Sep 3 09:35:08 2015

X-Original-To: nanog@nanog.org
From: "Robert Webb" <rwebb@ropeguru.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 03 Sep 2015 09:35:04 -0400
Errors-To: nanog-bounces@nanog.org

We are seeing udp 500 packets being dropped at our firewall from user's 
browsing sessions. These are users on a 2008 R2 AD setup with Windows 7.

Source and destination ports are udp 500 and the the pattern of drops 
directly correlate to the web browsing activity. We have confirmed this with 
tcpdump of port 500 and a single host and watching the pattern of traffic as 
they browse. This also occurs no matter what browser is used.

Can anyone shine some light on what may be using udp 500 when web browsing?

Robert


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[183468] in North American Network Operators' Group

udp 500 packets when users are web browsing

daemon@ATHENA.MIT.EDU (Robert Webb)Thu Sep 3 09:35:08 2015

daemon@ATHENA.MIT.EDU (Robert Webb)
Thu Sep 3 09:35:08 2015