FlightAware network traffic to port 44975. Legit?

FlightAware ADS-B Flight Tracking
1

I have PiAware running on an RPi. While trawling my syslog for an unrelated error, I came across a “UFW BLOCK” entry blocking traffic between IP 206.253.80.198 (cagso.hou.flightaware.com) and my instance from port 1200 to port 44975.

Here is the [edited] log entry:

May 21 22:58:57 rpi-1090-03 kernel: [   45.485278] [UFW BLOCK] IN=wlan0 OUT= MAC=dd:77:bb:00:33:66:33:88:66:ff:cc:00:00:00 SRC=206.253.80.198 DST=192.168.190.10 LEN=102 TOS=0x00 PREC=0x00 TTL=44 ID=31325 DF PROTO=TCP SPT=1200 DPT=44975 WINDOW=296 RES=0x00 ACK PSH URGP=0

What is port 44975 used for? Should I ‘ALLOW’ port 44975? Will it help FlightAware in any way - it does not seem to be affecting my feed.

Ta much
Bagoong

2

This is reply traffic for an outbound TCP connection made from your Pi to a FA server’s port 1200, which is normal traffic.

44975 is the locally-allocated port number on the Pi’s side of the connection, and will change from connection to connection.

Normally your firewall should match this reply traffic against the established connection and allow it automatically.

1 Like
3

Thanks a ton.

I just checked my logs. It would seem that this UFW BLOCK has only happened twice this week. I’m going to ignore it while I sort out the other problem which may actually have caused the BLOCK.

I’ll come back later if it irks me.

Again, thanks a ton!

4

If I had to guess, it would be that the Pi had just rebooted (the kernel message is timestamped 45s after reboot) and the traffic that got blocked was for a pre-reboot connection that was not cleanly torn down (i.e. the server side thinks it is still live). But the post-reboot firewall state doesn’t know about that connection at all and drops the traffic.

5

That’s about right. I’ve had to reboot the Pi often due to a problem with fr24feed - keeps getting lost and then going ‘berserk’. Need to first do a power reboot, then when it comes back a software reboot. I don’t fully understand that problem yet - have to fill idle gaps with that research at the moment. Anyhow, that’s not your problem.

Thanks a ton!

6

Try this:

(Before purging fr24feed, open file /etc/fr24feed.ini and note down fr24key. You will need it when re-installing it by last command below)

sudo apt purge fr24feed 

sudo apt clean 

sudo apt update   

sudo apt install fr24feed

Also brows following post:

1 Like
7

Thanks a ton, that’s sensible advice. I was going to rebuild the entire Pi, but perhaps purge/reinstall will work, and it’s a shorter route.

I’ll definitely take a gander at the link you sent.