7 Replies Latest reply on Nov 2, 2011 4:57 PM by jswan

    How to determine if traffic is legitimate or not

    John Morgan

      Hi All,

      I have recently installed Netflow Traffic Analyzer.  I am noticing all kinds of traffic going across the network that is not making any sense to me.

      The most recent application that I noticed was something called SilkP4 using port 2832.  Over half an hour of time, about 350MB were transmitted between a server in our Olympia office and one in our Yakima office.

      I have no idea what this is, what's causing it, and if it's legitimate or not.  Googling it takes me to many web sites which basically tell me it's called Silkp4 and uses port 2832.  No mention of what exactly that is, what it's used for, or if I should be concerned.  Well, one site told me that there were trojan warnings for that port number and another said there were none.

      I'm not really expecting an answer to let me know what that traffic is, but I would like to know if there is a good, credible source to use as a reference for unknown traffic like this.

      Right now all I know is there's this traffic, and it's called Silkp4 and it's sent three or four hundred megs between 2 of my servers in about a half an hour period of time, causing my Yakima router to max out on its utilization.

      So, any ideas where I could find out more about this, and other, unexpected traffic?