I have been working on an app that will track network packets coming to and going from a machine, specifically so I can more easily determine when a Domain Controller is being used prior to decommission. I am making it generic enough that it isn’t locked into just watching, say, the LDAP port; I allow you to specify any WinPcap filter you want. Anyway, while testing the app I had it watching port 80 and 443 packets, as there were a lot of those going on on my machine and I wasn’t sure what all of them were, so I thought it would be interesting to see what I would learn.
When I looked at the output, which is simply a summary of the host IPs with ports and counts of packets to/from those ports, I found:
2A03:2880:2050:1F08:FACE:B00C:0:1
443|72 80|8
2A03:2880:20:3F07:FACE:B00C:0:1
443|743 80|8
2A03:2880:2110:6F05:FACE:B00C:0:1
443|2488
2A03:2880:2110:DF07:FACE:B00C:0:1
80|17
2A03:2880:2130:7F07:FACE:B00C:0:1
443|7239 80|84
2A03:2880:F013:108:FACE:B00C:0:1
443|765
2A03:2880:F013:407:FACE:B00C:0:1
443|898
2A03:2880:F013:507:FACE:B00C:0:1
443|830
2A03:2880:F013:8:FACE:B00C:0:1
443|751
If it doesn’t immediately make sense to you, those are IPv6 addresses (yeah, I have Comcast and they have IPv6 hot now). I saw that and thought, oh, that has got to be Facebook, and I looked up the addresses and sure enough, it was Facebook. They were actually able to "sign" their IP addresses with their name… Almost. Now I need to come up with a new name that can be represented with the hex character set.
joe
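The summary format shown above (an address line followed by a line of port|count pairs) can be rolled up by network prefix, which makes a cluster like this one stand out as a single owner. This is an added example, not the author's app; the function names and the /32 grouping are assumptions, and the sample is the first three entries of the output in the post.

```python
import ipaddress
from collections import Counter, defaultdict

# Sample input: first three entries copied from the output in the post.
SAMPLE = """\
2A03:2880:2050:1F08:FACE:B00C:0:1
443|72 80|8
2A03:2880:20:3F07:FACE:B00C:0:1
443|743 80|8
2A03:2880:2110:6F05:FACE:B00C:0:1
443|2488
"""

def parse_summary(text):
    """Return {ip_address: Counter({port: packets})} from address/count line pairs."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    hosts = {}
    for addr_line, counts_line in zip(lines[0::2], lines[1::2]):
        addr = ipaddress.ip_address(addr_line)  # raises ValueError on a bad address
        counts = Counter()
        for field in counts_line.split():
            port, packets = field.split("|")
            counts[int(port)] += int(packets)
        hosts[addr] = counts
    return hosts

def by_prefix(hosts, prefixlen=32):
    """Roll per-host port counts up to the enclosing network (assumed /32)."""
    totals = defaultdict(Counter)
    for addr, counts in hosts.items():
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        totals[net].update(counts)
    return dict(totals)

def shared_hextets(hosts):
    """Map hextet position -> value for positions identical across every host."""
    groups = [a.exploded.split(":") for a in hosts]
    return {i: g[0] for i, g in enumerate(zip(*groups)) if len(set(g)) == 1}

if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for net, counts in by_prefix(parsed).items():
        print(net, dict(counts))
    print(shared_hextets(parsed))
```

The hextets that stay constant across the group (positions 4 and 5 here) are where the vanity "signature" lives, while the varying ones identify individual hosts.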