TCP protocol decimal type 210

[dninja at gmail.com (Robin Wood)]

2009/6/22 Dale Stirling <dale at puredistortion.com>:
> Hi All,
>
> I have a box that is routinely using in excess of 4GB a day in traffic in
> from the internet.
>
> I have identified that the traffic is coming to the box via an IP Protocol
> number I have never seen before: 210.
>
> I have done some searching on the Internet and have only been able to find
> that this number is in the unassigned block of protocol numbers with IANA. I
> am stuck so I thought I would through it out to the smartest group of people
> I know the PDC Mailing (I heard flatery works well) list to see if any one
> has seen this before.
I wouldn't worry about the port number, you can set up a connection
through any port regardless of what service the port was allocated to
originally.

Have you tried just looking at the machine? See what is running
through process lists etc. Look for things that look like peer to
peer. You don't mention what OS the machine has but there are plenty
of apps for all the main OSs to see what process is attached to a
given port, you can then track it down from there.

You can also do some packet sniffing, see what the traffic is and if
you can detect a certain protocol.

There are loads of ways you can take it but where depends on what you
have done so far, on the OS/network structure for specific tools and
organisation structure (can you seize the box for analysis or do you
have to do it remotely).

Hope this gives you a start.

Robin