nanog mailing list archives
Re: udp 500 packets when users are web browsing
From: "Bjoern A. Zeeb" <bzeeb-lists () lists zabbadoz net>
Date: Thu, 3 Sep 2015 13:42:21 +0000
On 03 Sep 2015, at 13:35 , Robert Webb <rwebb () ropeguru com> wrote: We are seeing udp 500 packets being dropped at our firewall from user's browsing sessions. These are users on a 2008 R2 AD setup with Windows 7. Source and destination ports are udp 500 and the the pattern of drops directly correlate to the web browsing activity. We have confirmed this with tcpdump of port 500 and a single host and watching the pattern of traffic as they browse. This also occurs no matter what browser is used. Can anyone shine some light on what may be using udp 500 when web browsing?
The VPN using IPsec UDP-Encap connection that supposedly gets through NAT? Have you checked the content with tcpdump? Do you have fragments by any chance?
Current thread:
- udp 500 packets when users are web browsing Robert Webb (Sep 03)
- Re: udp 500 packets when users are web browsing Bjoern A. Zeeb (Sep 03)
- Re: udp 500 packets when users are web browsing Robert Webb (Sep 03)
- Re: udp 500 packets when users are web browsing Chuck Anderson (Sep 03)
- Re: udp 500 packets when users are web browsing Oliver O'Boyle (Sep 03)
- Re: udp 500 packets when users are web browsing Oliver O'Boyle (Sep 03)
- Re: udp 500 packets when users are web browsing Robert Webb (Sep 03)
- Re: udp 500 packets when users are web browsing Oliver O'Boyle (Sep 03)
- Re: udp 500 packets when users are web browsing Robert Webb (Sep 03)
- Re: udp 500 packets when users are web browsing Bjoern A. Zeeb (Sep 03)