Wiresark Auswertung! Matahari Port Scans

[Wurstspiess]

Hallo, hab im Wireshark diese komischen Bad TCP Requests. Weis einer warum und was das ist?

o.     Time           Source                Destination           Protocol Length Info
  21742 395.434047000  192.168.2.1           192.168.2.100         TCP      60     matahari > 60993 [FIN, ACK] Seq=544 Ack=528 Win=6912 Len=0

Frame 21742: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Avm_69:b9:4c (00:24:fe:69:b9:4c), Dst: Micro-St_86:55:26 (00:1d:92:86:55:26)
Internet Protocol Version 4, Src: 192.168.2.1 (192.168.2.1), Dst: 192.168.2.100 (192.168.2.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x8a4a (35402)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x2ad0 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.2.1 (192.168.2.1)
    Destination: 192.168.2.100 (192.168.2.100)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: matahari (49000), Dst Port: 60993 (60993), Seq: 544, Ack: 528, Len: 0

No.     Time           Source                Destination           Protocol Length Info
  21743 395.434086000  192.168.2.100         192.168.2.1           TCP      54     60993 > matahari [ACK] Seq=528 Ack=544 Win=65024 Len=0

Frame 21743: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Micro-St_86:55:26 (00:1d:92:86:55:26), Dst: Avm_69:b9:4c (00:24:fe:69:b9:4c)
Internet Protocol Version 4, Src: 192.168.2.100 (192.168.2.100), Dst: 192.168.2.1 (192.168.2.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x24fa (9466)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x0000 [incorrect, should be 0x5020 (may be caused by "IP checksum offload"?)]
        [Good: False]
        [Bad: True]
            [Expert Info (Error/Checksum): Bad checksum]
                [Message: Bad checksum]
                [Severity level: Error]
                [Group: Checksum]
    Source: 192.168.2.100 (192.168.2.100)
    Destination: 192.168.2.1 (192.168.2.1)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 60993 (60993), Dst Port: matahari (49000), Seq: 528, Ack: 544, Len: 0

Wer ahnung hat kann auch gerne die volle Log bekommen.

 

[Teknicida]

https://archive.fosdem.org/2012/schedule/event/647/117_matahari-fosdem2012.pdf

evtl hilft Dir das weiter

"Matahari is a framework for remote systems management. Unlike
traditional methods of remote management (e.g. SSH), it is designed
for programmatic as well as manual access, and to work with large
numbers of machines as might be found in a modern “cloud” installation."