Need help with troubleshooting
A few days ago I started to notice a consistent number of FTP events in my daily report. They are being caused by a program I wrote that communicates with the 4 wireless access points I have in my home to query which wireless devices are currently attached to them on the 2.4GHz and 5 GHz bands. The program just sits there and every minute contacts each of the AP's for the information it needs to update my display. It works!
Two of the access points are NetGear PLW1000v2 powerline devices. I had to reverse engineer the http interchange that goes on between the device and someone logging into its web interface since those devices don't support a Telnet interface. It is the logon process to the PLW1000 that is generating the FTP event. It happens even if I log in from a browser, so its nothing in my program that causes it.
So I'm trying to figure out what the FTP event is and who is communicating with whom.
Am I right in understanding that the FTP event that Untangle logs would have to be with an external entity? When I look in reports I cannot find any information about the events. Can someone point me in the right direction there.
I did try looking in the sessions data to see what was being captured there when I login to the PLW1000. I consistently only see 2 entries both UDP Packets being sent to the IP address of Untangle.
1. A UDP Packet being sent to port 53 which I assume is some kind of DNS request but the session details don't provide any useful data.
2. A UDP packet being sent from port 68 to port 67 which I assume is DHCP related.
I can see no other session data related to that device. So would the 2 session events above cause an FTP event to be logged and if so why?
Thanks in advance
Mike