Something is fishy with the connections while running retroshare.
I have a port opened for retroshare, but when I tcpdump on my router/firewall, I am seeing half the traffic on port 1024 from it.
Thats not a port that should be in use but its connecting to the same IPs that retroshare is.
The strange thing is that my router/firewall sees alot more of the 1024 traffic then the actual machine running retroshare does.
This isnt even the network facing router. Its an internal Firewall/Router I use to segment my network.
For some reason this Firewall/Router is initiating connections from 1024 that mirror the actual connections from my assigned retroshare port (which are still being forwarded).
I even tried adding IPTABLES rules to drop all port 1024 connections but its being ignored
Its definately retroshare. I suspect a the F2F tunnel, and I understand the 2 F2F tunnels to friends from this thread here:
But I would like to know why two packets are being created instead of one for every communication. One from my listening port and one from port 1024 (which it should not be using).
perhaps someone can enlighten me as to how its getting my Firewall/Router to initiate connections via port 1024 and why?