I have been working on an app that will track network packets coming/going to a machine specifically so I can more easily determine when a Domain Controller is being used prior to decommission. I am making it generic enough that it isn’t locked into just watching say the LDAP port, I allow you to specify any WinPCap filter you want. Anyway, while testing the app I had it watching port 80 and 443 packets as there were a lot of those going on on my machine and I wasn’t sure what all of them were so thought it would be interesting to see what I would learn.
When I looked at the output which is simply a summary of the Host IPs with ports and counts of packets to/from those ports I found:
If it doesn’t immediately make sense to you, those are IPv6 addresses (yeah, I have Comcast and they have IPv6 hot now). I saw that and thought, oh that has got to be Facebook and I looked up the addresses and sure enough, it was Facebook. They were actually able to "sign" their IP addresses with their name… Almost. Now I need to come up with a new name that can be represented with the Hex Character set.