1

Following is the firewall log that I have observed:

Application Information:
    Process ID:          4
    Application Name:    System

Network Information:
    Direction:           Inbound
    Source Address:      10.x.x.255 (broadcast IP)
    Source Port:         138
    Destination Address: 10.x.x.240
    Destination Port:    138
    Protocol:            17

Filter Information:
    Filter Run-Time ID:  68065
    Layer Name:          Receive/Accept

It looks like it's Netbios communication.

I would like to understand more in depth why destination IP is getting hit from a broadcast IP on port 138 UDP

DavidPostill
  • 162,382
Rakesh
  • 11

1 Answers1

0

NetBIOS is a file and printer sharing system used in windows. NetBIOS stands for Network basic input output system.

The udp port 138 is used as a Datagram distribution service, this is responsible for error detection and recovery.

This is just a short answer but if you want to learn a lot more about it look at this other Superuser post:

What is NetBIOS? Does Windows need its ports 137 and 138 open?

Community
  • 1
Bungicasse
  • 1,572