If you have a tool like LogicMonitor reporting something like:
The host SRV is experiencing an unusual number of failed TCP connections, probably incoming connections.
LogicMonitor
There are now 3.27 per second failed connections, putting the host in a warn level.
you can use free tools like Wireshark to capture all of the network traffic on a Windows Server (or a PC running Windows 10 or Windows 11, for that matter), then sort and filter the failures to look for patterns.
Here are some common TCP port numbers to consider:
Port Number | Usage |
20 | File Transfer Protocol (aka FTP) Data Transfer |
21 | File Transfer Protocol (aka FTP) Command Control |
22 | Secure Shell (aka SSH) |
23 | Telnet – Remote login service, unencrypted text messages |
25 | Simple Mail Transfer Protocol (aka SMTP) E-mail Routing |
53 | Domain Name System (aka DNS) service |
80 | Hypertext Transfer Protocol (aka HTTP) used in World Wide Web |
110 | Post Office Protocol (aka POP3) used by e-mail clients to retrieve e-mail from a server |
119 | Network News Transfer Protocol (aka NNTP) |
123 | Network Time Protocol (aka NTP) |
143 | Internet Message Access Protocol (aka IMAP) Management of Digital Mail |
161 | Simple Network Management Protocol (aka SNMP) |
194 | Internet Relay Chat (aka IRC) |
443 | HTTP Secure (aka HTTPS) HTTP over TLS/SSL |
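One way to do the sort-and-filter step on a saved capture, as an added example that is not part of the original post: it pairs each SYN with the reset (or silence) that followed and counts failures per client and server port, which can then be looked up in the table above. It assumes the capture was exported with tshark (the command-line tool installed with Wireshark) using the field order shown in the comment; the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Assumed export, typed as one line (field order matters):
#   tshark -r capture.pcapng -Y "tcp.flags.syn == 1 || tcp.flags.reset == 1"
#     -T fields -E separator=, -e ip.src -e tcp.srcport -e ip.dst
#     -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack -e tcp.flags.reset
# Constructed sample rows using documentation addresses, not a real capture.
SAMPLE = """\
198.51.100.7,50001,192.0.2.10,23,1,0,0
192.0.2.10,23,198.51.100.7,50001,0,1,1
198.51.100.7,50002,192.0.2.10,23,1,0,0
192.0.2.10,23,198.51.100.7,50002,0,1,1
198.51.100.7,50003,192.0.2.10,23,1,0,0
192.0.2.10,23,198.51.100.7,50003,0,1,1
198.51.100.7,50010,192.0.2.10,443,1,0,0
192.0.2.10,443,198.51.100.7,50010,1,1,0
203.0.113.5,40000,192.0.2.10,22,1,0,0
203.0.113.5,40000,192.0.2.10,22,1,0,0
192.0.2.10,443,198.51.100.7,50010,0,1,1
"""

def is_set(field):
    # Flag bits are exported as 1/0 or True/False depending on tshark version.
    return field.strip() in ("1", "True")

def failed_connections(export_text):
    """Count handshakes that were reset or never answered."""
    pending = set()       # (client, client port, server, server port) awaiting a reply
    failures = Counter()  # (outcome, client, server, server port) -> count
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) != 7:
            continue      # skip blank or malformed rows
        src, sport, dst, dport = row[:4]
        syn, ack, rst = (is_set(f) for f in row[4:])
        reply_to = (dst, dport, src, sport)   # the SYN this packet would answer
        if syn and not ack:
            pending.add((src, sport, dst, dport))  # retransmitted SYNs collapse
        elif syn and ack:
            pending.discard(reply_to)              # handshake answered: not a failure
        elif rst and reply_to in pending:
            pending.remove(reply_to)
            failures[("refused", dst, src, sport)] += 1
    for client, _cport, server, port in pending:
        failures[("no reply", client, server, port)] += 1
    return failures

if __name__ == "__main__":
    for (outcome, client, server, port), n in failed_connections(SAMPLE).most_common():
        print(f"{n:3d}  {outcome:8s}  {client} -> {server}:{port}")
```

A "no reply" entry also covers a handshake that was still in flight when the capture stopped, so treat single entries near the end of a capture with care.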