Yesterday, while using the free and open source packet analyzer software Wireshark to observe network traffic reaching a router, I had set a packet filter in Wireshark to filter on Internet Control Message Protocol (ICMP) traffic. I saw a lot of unexpected ICMP "port unreachable" packets coming from a server behind the router headed outbound to the Internet to the IP address 220.127.116.11.
Internet Control Message Protocol
Type: 3 (Destination unreachable) Code: 3 (port unreachable) Checksum: 0xa821 [correct] [Checksum Status: Good] Unused: 00000000
ICMP destination unreachable packets are "generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason." There is a "code" field that follows the "type" field in an ICMP packet. If the code is 3, then it indicates a port unreachable error (the designated protocol is unable to inform the host of the incoming message). When I checked the destination port at the server end, I saw it was 22, which is the well-known port for the Secure Shell (SSH) protocol.
[ More Info ]