anyone have any idea why the VPN Firewall would be probing static IPs on my subnet on port 1792? I can't find a good reason the firewall would be doing this. doesn't seem neferious, but I like to know what's happening on my network.
Five Minutes of PCAP filtered for port 1792
tcpdump port 1792 -vvv -nn -r rPi_2016-11-19_05:39:35.pcap reading from file rPi_2016-11-19_05:39:35.pcap, link-type EN10MB (Ethernet) 05:41:12.822665 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 192.168.0.1.1058 > 192.168.0.6.1792: [udp sum ok] UDP, length 1 05:41:23.138814 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 192.168.0.1.1058 > 192.168.0.40.1792: [udp sum ok] UDP, length 1 05:41:23.205347 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 192.168.0.1.1058 > 192.168.0.41.1792: [udp sum ok] UDP, length 1 05:41:23.754273 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 192.168.0.1.1058 > 192.168.0.47.1792: [udp sum ok] UDP, length 1 05:41:24.314786 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 192.168.0.1.1058 > 192.168.0.50.1792: [udp sum ok] UDP, length 1 05:41:24.467801 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 192.168.0.1.1058 > 192.168.0.51.1792: [udp sum ok] UDP, length 1
last 24 hours stats:
source | desination | destination port | # of source ports | event count
192.168.0.1
192.168.0.10
1792
7
454
192.168.0.1
192.168.0.165
1792
7
457
192.168.0.1
192.168.0.17
1792
7
934
192.168.0.1
192.168.0.20
1792
7
932
192.168.0.1
192.168.0.21
1792
7
931
192.168.0.1
192.168.0.22
1792
7
931
192.168.0.1
192.168.0.31
1792
7
935
192.168.0.1
192.168.0.40
1792
7
456
192.168.0.1
192.168.0.41
1792
7
454
192.168.0.1
192.168.0.47
1792
7
453
192.168.0.1
192.168.0.50
1792
7
457
192.168.0.1
192.168.0.51
1792
7
457
192.168.0.1
192.168.0.6
1792
7
461
Model: FVS318Gv2|ProSafe gigabit 8 port VPN firewall
a. Are there any firewall rules configured that includes port 1792 on the FVS318G?
b. I found out online that port 1792 is a UDP port used for online games like NHL 2003. Are you playing online games that requires port 1792 to be opened on the FVS318G?
c. What is the current firmware version of the FVS318G?
Did you perform a factory reset on the FVS318G after upgrading the firmware to v3.1.1.18? It is recommended to reset the firewall router to factory default settings after doing a firmware upgrade then reconfigure it from scratch.
For the logs to be interpreted, I suggest you to open an online case with NETGEAR Support at anytime. Kindly state your concern and attached the logs on the online case. The online case will be escalated to the engineering team and they will be one to analyze the logs.
I just want to follow-up. Were you able to perform a factory reset on the FVS318G? Also, were you able to open an online case with NETGEAR Support for the logs to be analyzed? If yes, keep us posted about the progress of the online case.
A factory reset from and reconfig from scratch is not a trivial undertaking. I have to budget time to do this. Reconfiguing from scratch and not just restoring a backup requires that I document the current settings to ensure I don't miss any important rules or settings.
Ultimately, I don't necessarily want to undertake that task unless we're sure that's going to address this curiosity. I'm also more interested in why this generally benign issue is happening vice trying to get it to stop.
Doing a factory reset then reconfiguring the device from scratch after a firmware upgrade makes the device have a clean start with the new firmware uploaded. If this will seem to take too much of your time, then you may first do a back-up of the configuration then restore it after doing a firmware upgrade and check if same problem occurs. However, be reminded it is possible that the restored configuration might contain errors that is why a way to isolate the problem is to reconfigure the device from scratch.
Going back to the logs/packet capture you've posted, our engineering team is capable of interpreting it. Opening an online case with NETGEAR Support will help.
