Why is there so much outgoing traffic shown on port 443?
Looking at our firewatch, I see a lot of computers in our building that have a lot of outgoing traffic through port 443 to lots of different IP addresses. How can I prevent that? I can't just block 443 as we also have a mail and web server controlling our email and website.
I am testing one computer that I just turned on and opened no applications on, and it still shows a lot of outgoing traffic.
Anyone have thoughts on this?
Best Answers
-
Look at the destinations in FSM traffic monitor. You don't specify what OS your computers have, but any Windows computer and likely Macs will be using 443 to get their updates. Same for AV software.
Analyze before you block! This traffic could all be legitimate...or not. That is for you to determine by looking up the domains of the IP address you have seen.
Gregg Hill
5 -
There are various software programs that you can install on a PC to see what is going on.
- Look at GlassWire, which will tell you what program is allowing outgoing access, among other things.
- There are many software firewall programs which also can do the same.
- netstat -b, run in a CMD box with administrator privileges, will show you the current programs which have open outgoing ports.
- You can run packet capture programs, such as Wireshark, which can show you the IP addrs to which HTTPS (TCP port 443) packets are sent, but they will not show the program(s) which cause this traffic.
5
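An added example, not part of the original answers: a Python script that parses saved `netstat -b -n` output and groups the remote addresses of port-443 connections by owning program, so unattributed connections stand out. The sample output is constructed (documentation-range addresses), the function names are hypothetical, and it assumes English-language netstat output captured with `-n`.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b -n` output; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     198.51.100.10:443      ESTABLISHED
 [OUTLOOK.EXE]
  TCP    192.168.1.20:49720     203.0.113.7:443        ESTABLISHED
  wuauserv
 [svchost.exe]
  TCP    192.168.1.20:49731     203.0.113.7:443        TIME_WAIT
  TCP    192.168.1.20:49733     192.0.2.44:443         ESTABLISHED
 Can not obtain ownership information
  TCP    192.168.1.20:49740     192.168.1.5:445        ESTABLISHED
 [System]
  TCP    [2001:db8::20]:49750   [2001:db8:1::9]:443    ESTABLISHED
 [msedge.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # executable name line, e.g. " [svchost.exe]"

def https_by_program(text, port="443"):
    """Map owning executable -> sorted remote hosts contacted on `port`."""
    result = defaultdict(set)
    pending = None  # remote host of a matching connection still awaiting its owner line

    def flush(owner):
        nonlocal pending
        if pending is not None:
            result[owner].add(pending)
        pending = None

    for line in text.splitlines():
        conn = CONN.match(line)
        if conn:
            flush("(unknown)")  # previous connection had no [executable] line
            host, _, rport = conn.group(3).rpartition(":")
            pending = host.strip("[]") if rport == port else None
        elif OWNER.match(line):
            flush(OWNER.match(line).group(1))
    flush("(unknown)")
    return {prog: sorted(hosts) for prog, hosts in result.items()}

if __name__ == "__main__":
    for prog, hosts in sorted(https_by_program(SAMPLE).items()):
        print(f"{prog:15} {', '.join(hosts)}")
```

Connections that land under `(unknown)` are the ones to follow up with a reverse lookup of the destination, as the first answer suggests.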
Answers
Appreciate your input. I checked quite a few IP addresses. They were very random. One of the computers was updated and it showed Microsoft. But still had several others.
At one point there were quite a few to Verizon. Thought that to be strange as that was the computer that was just idle and nobody on it.
I did use netstat -b on mine. That will at least tell me the programs and helps identify some of the traffic. Like mine was mainly legitimate stuff.
Thanks for the answers.