Hi everyone, I am helping an organization with some things and I was looking at their checkpoint firewall logs. I see a large number of their PC's are regularly trying to connect to a few IPs that seem to be Akamai CDN servers (on this org's ISP network). Their firewall is blocking it however.
Is there a way to find out what they are actually connecting to? On the PC i am using, I see the several connections will be made over a span of 10 minutes a few times throughout the day, so I am unable to just start a packet capture. I happens when a user is logged off as well. it looks like its happening over port 80, but when I visit that that IP over http I just get "Invalid URLThe requested URL "[no URL]", is invalid. "
I suspect is something innocent (like software updates), but I'd still like to figure it out.
Is there a way to find out what they are actually connecting to? On the PC i am using, I see the several connections will be made over a span of 10 minutes a few times throughout the day, so I am unable to just start a packet capture. I happens when a user is logged off as well. it looks like its happening over port 80, but when I visit that that IP over http I just get "Invalid URLThe requested URL "[no URL]", is invalid. "
I suspect is something innocent (like software updates), but I'd still like to figure it out.
Last edited:
Facebook
Twitter