We run a mixed environment and, near as I can tell, have no traffic
running around on port 4662.
“tcp.port==4662 || udp.port==4662” is an option for a Wireshark display
filter, but Wireshark also has built-in filters for eDonkey traffic.
If you are in a switching environment, make sure to configure your switch
to span or mirror to your capture port.
With only this info, I wouldn’t rule out that you may indeed have some
eMule/eDonkey traffic running around.
On 7/25/2012 9:17 AM, Chris wrote:
Hi all: I have been seeing a lot of traffic on port 4662 across our
WANs via using Cisco’s nbar discovery. Cisco labels it as eDonkey, which
is a file sharing system, but I have my doubts that is the culprit. Do
you know of any other applications typically found in a mixed
OES/Windows (eDir/AD) environment that might be making use of this port?
Also, I am not sure how to go about sniffing for this port traffic using
Wireshark. Can someone help me out with this?
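A port match alone cannot say whether the traffic on 4662 is really eDonkey, which is the doubt raised in this thread. The sketch below is an added example, not code from either poster: it separates flows on port 4662 whose first TCP payload carries an eDonkey/eMule message header from flows that only share the port. The flow tuples, the sample payloads and the `MAX_MSG_LEN` bound are constructed assumptions.

```python
import struct

ED2K_PORT = 4662
# First byte of an eDonkey/eMule TCP message:
# 0xE3 eDonkey, 0xC5 eMule extensions, 0xD4 compressed.
ED2K_MARKERS = {0xE3, 0xC5, 0xD4}
MAX_MSG_LEN = 2_000_000  # assumption: sanity bound on the declared length


def looks_like_edonkey(payload: bytes) -> bool:
    """Heuristic: marker byte, 4-byte little-endian length, then an opcode."""
    if len(payload) < 6 or payload[0] not in ED2K_MARKERS:
        return False
    (msg_len,) = struct.unpack_from("<I", payload, 1)
    return 1 <= msg_len <= MAX_MSG_LEN


def triage(flows):
    """flows: iterable of (src, sport, dst, dport, first_payload).

    Returns (confirmed, port_only): host pairs on port 4662 whose payload
    has the eDonkey header, and host pairs that merely use the port.
    """
    confirmed, port_only = [], []
    for src, sport, dst, dport, payload in flows:
        if ED2K_PORT not in (sport, dport):
            continue  # not the port under investigation
        bucket = confirmed if looks_like_edonkey(payload) else port_only
        bucket.append((src, dst))
    return confirmed, port_only


# Constructed sample: one eDonkey-style hello, one unrelated service that
# happens to listen on 4662, and one flow on another port.
HELLO = bytes([0xE3]) + struct.pack("<I", 18) + bytes([0x01, 0x10]) + bytes(16)
SAMPLE_FLOWS = [
    ("10.1.1.20", 51000, "10.2.2.30", 4662, HELLO),
    ("10.1.1.21", 51001, "10.2.2.31", 4662, b"GET /status HTTP/1.1\r\n"),
    ("10.1.1.22", 51002, "10.2.2.32", 443, b"\x16\x03\x01\x02\x00\x01"),
]

if __name__ == "__main__":
    confirmed, port_only = triage(SAMPLE_FLOWS)
    print("header matches eDonkey:", confirmed)
    print("port 4662 only:", port_only)
```

Hosts in the port-only list are the ones to check for another application using 4662; obfuscated or encrypted payloads will not match the header test.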