• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Unidentified IP Traffic (TCP:8888)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Unidentified IP Traffic (TCP:8888) Page: [1]
Login
Message << Older Topic   Newer Topic >>
Unidentified IP Traffic (TCP:8888) - 15.Jun.2011 11:42:41 PM   
william.spearman.ctr

 

Posts: 6
Joined: 2.Dec.2010
Status: offline
I am seeing the subject line in my ISA server log files:

Denied Connection IS02 6/16/2011 12:21:58 AM
Log type: Firewall service
Status:
Rule:
Source: Internal (10.x.x.81:4117)
Destination: Local Host (x.x.x.x:8888)
Protocol: Unidentified IP Traffic (TCP:8888)
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0 ms Original Client IP: 10.x.x.81
Client agent:

What does that mean? The clientsuse that port for access and the workstations I see that have this error (and it doesn't happen all the time!) are part of the group allowed to access the ISA.

Can anyone shed light on this murky issue?
Post #: 1
RE: Unidentified IP Traffic (TCP:8888) - 16.Jun.2011 12:52:19 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

it means ISA does not have any built-in or custom protocol associated with TCP port 8888.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to william.spearman.ctr)
Post #: 2
RE: Unidentified IP Traffic (TCP:8888) - 16.Jun.2011 8:02:40 PM   
william.spearman.ctr

 

Posts: 6
Joined: 2.Dec.2010
Status: offline
Hi Paulo,

Thanks for the reply. It doesn't really make sense for that to be the case unless the workstation is producing traffic destined for the ISA server with a DESTINATION port of 8888. Why would that traffic exist? What the workstation should be doing in connecting to the ISA server with a source port of 8888 and a destination port of 80 or 443 requesting access to the proxy services for passing that traffic to the "Internet", correct? The firewall blocks are based on source IP, syn origin (the source of the session) and DESTINATION port , not source, doesn't it?

William Spearman

(in reply to paulo.oliveira)
Post #: 3
RE: Unidentified IP Traffic (TCP:8888) - 19.Jun.2011 10:45:50 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi William,

I am sure the workstation sent the traffic to ISA firewall. Unfortunally, I can not tell you the reason why.

No, the source port of the workstation is NOT 8888, but 4117, as we can see in the log you posted.

You should now investigate, what application is generating this traffic to your firewall.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to william.spearman.ctr)
Post #: 4
RE: Unidentified IP Traffic (TCP:8888) - 3.Aug.2011 11:45:57 PM   
william.spearman.ctr

 

Posts: 6
Joined: 2.Dec.2010
Status: offline
Thanks for the info Paulo, I finally got the point that the packets are forwarded based on the URL GET request. What I still don't understand is the mechanism for connection from the Internet Explorer browser (workstation) to the ISA server on port 8888 (or the default 8080) and why that traffic isn't identified in any rule I can see in the ISA installation.

(in reply to paulo.oliveira)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Unidentified IP Traffic (TCP:8888) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts