[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

udp 500 packets when users are web browsing

Subject: udp 500 packets when users are web browsing
From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb)
Date: Thu, 3 Sep 2015 13:42:21 +0000
In-reply-to: <[email protected]>
References: <[email protected]>

> On 03 Sep 2015, at 13:35 , Robert Webb <rwebb at ropeguru.com> wrote:
> 
> We are seeing udp 500 packets being dropped at our firewall from user's browsing sessions. These are users on a 2008 R2 AD setup with Windows 7.
> 
> Source and destination ports are udp 500 and the the pattern of drops directly correlate to the web browsing activity. We have confirmed this with tcpdump of port 500 and a single host and watching the pattern of traffic as they browse. This also occurs no matter what browser is used.
> 
> Can anyone shine some light on what may be using udp 500 when web browsing?

The VPN using IPsec UDP-Encap connection that supposedly gets through NAT?   Have you checked the content with tcpdump?   Do you have fragments by any chance?

Follow-Ups:
- udp 500 packets when users are web browsing
  - From: rwebb at ropeguru.com (Robert Webb)

References:
- udp 500 packets when users are web browsing
  - From: rwebb at ropeguru.com (Robert Webb)

Prev by Date: udp 500 packets when users are web browsing
Next by Date: udp 500 packets when users are web browsing
Previous by thread: udp 500 packets when users are web browsing
Next by thread: udp 500 packets when users are web browsing
Index(es):
- Date
- Thread