Stealth Mode connection attempt and network configuration changed messages

Discussion in 'Mac Basics and Help' started by LPPU, Oct 4, 2010.

  1. LPPU macrumors newbie

    Joined:
    Aug 29, 2010
    #1
    The console lists these messages and they worry me to say the least. I haven't made any network configuration changes myself, and I get tons of those Stealth Mode connection attempt messages. What's the deal with this?

     
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #2
    UDP is used for a lot of things. Do you have any sort of sharing (iTunes, printer, file) on in your network? How about a router or network printer? All of those can send out UDP broadcasts.
     
  3. LPPU thread starter macrumors newbie

    Joined:
    Aug 29, 2010
    #3
    I'm not sharing anything to my knowledge. I know I made sure all sharing preferences under sharing weren't enabled. The way I connect to the internet is by plugging my Macbook into a modem via ethernet cable. I think the modem may have a built in router, but no other computers are hooked up to it. Just mine. Also, in the log there was at least one entry saying TCP I believe instead of UDP.
     
  4. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #4
    Alright I did some tests since I was bored. I enabled my software firewall and had little snitch running. Everytime I went to a new website these showed up. Actually these showed up everytime I went to a new website. And randomly, sometimes 1 entry per site, sometimes 3.

    Code:
    Oct  4 18:31:59 memory-core Firewall[97440]: Stealth Mode connection attempt to UDP 192.168.1.6:63062 from 192.168.1.1:53
    Oct  4 18:31:59 memory-core Firewall[97440]: Stealth Mode connection attempt to UDP 192.168.1.6:58907 from 192.168.1.1:53
    Now this is showing that these connections are being sent from my router, via port 53 to my laptop on random ports (which happens if my computer doesn't respond to the first port it tries a few other random ones from what I've read). Now port 53 is used for DNS resolution, so after this little research it seems that your web browser is requesting a DNS lookup from the cache, when it's not there or even when it is, the router sends many packets back as it hasn't heard a response from your computer. In the end I'm slightly confused as to why the computer isn't recieving it properly but honestly wouldn't be at all worried as they are related to simple DNS lookups and there doesn't seem to be any loading errors resulting from this.
     
  5. brandeded macrumors newbie

    Joined:
    Jul 11, 2012
    #5
    After some investigation, I see that in my case this was skype.

    I caught the connections with a network flow probe, and found on a localhost that it was skype by using netstat to find the process that was exposing the port which the traffic was on, in this case 6837.

    On OSX:
    netstat -apn | grep :6837

    On Windows (I use TCPview usually):
    netstat -ab> %tmp%\netstatbyprocs.log
    findstr -ni 6837 %tmp%\netstatbyprocs.log


    I have posted in the Skype forum.

    Skype randomly chooses a port to establish connections with, and this is the port 6837 in my instance. It is worth noting that I block outgoing connections on this port (most ports) and UPnP on my network, so I'm curious what Skype is trying to do.

    Good luck,

    Matt
     

Share This Page