Hello,
Look at the picture i attached and at the Protocol Column there is the port 139.
[attachment deleted by admin]
Protocol 139 is actually a valid protocol and there are also open-source implementations like http://www.openhip.org/
does this happen on a regular basis or you got only that entry?
I didn’t knew that there was a 139 protocol. Firewall shouldn’t be reporting “HIP” instead of a decimal number? This is the first time I got this entry.
Could also be a corrupted UDP packet.
If it the first tme maybe it was an error although to confirm it was an incorrectly logged packet, a packet logging utility like wireshark would be needed.
As for protocol number/protocol names the GRE protocol is unnamed too and also other ICMP codes.
IMHO even though the protocol description could prove useful the protocol number would be mandatory