transmission-daemon Suspicious Activity

daemondump
Posts: 1
Joined: Wed Nov 15, 2023 3:24 pm

Post by daemondump »

Hi,

I am on a Mac and with the help of Little Snitch I noticed what appears to be suspicious activity from the transmission-daemon, namely, there are what look like outgoing pings going to hundreds of different IPs. These start occurring at startup. Almost all of the IPs are located in Europe/Asia. I've set a blanket deny in Little Snitch for transmission-daemon and have not noticed any issues yet.

The transmission-daemon was installed via Homebrew and can be found at /opt/homebrew/Cellar/transmission-cli/4.0.4/bin/transmission-daemon.

I do not have any active Transmission clients open or any active torrents.

I tried attaching a .pcap of an example packet and then an exported .txt file, but neither was an accepted format. Instead, please find the TXT export reproduced below. I checked a handful of the captured packets and they all had identical payloads (data.data).

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000       0.0.7.132             96.255.11.140         UDP      100    1383 → 48791 Len=58

Frame 1: 100 bytes on wire (800 bits), 100 bytes captured (800 bits)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 0.0.7.132, Dst: 96.255.11.140
User Datagram Protocol, Src Port: 1383, Dst Port: 48791
    Source Port: 1383
    Destination Port: 48791
    Length: 66
    Checksum: 0x0000 [zero-value ignored]
        [Checksum Status: Not present]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
    UDP payload (58 bytes)
Data (58 bytes)

0000  64 31 3a 61 64 32 3a 69 64 32 30 3a 8a 79 54 ef   d1:ad2:id20:.yT.
0010  c8 6f 67 45 b6 33 9f cc 3a a6 b6 8f ee eb c0 07   .ogE.3..:.......
0020  65 31 3a 71 34 3a 70 69 6e 67 31 3a 74 34 3a 70   e1:q4:ping1:t4:p
0030  6e 00 00 31 3a 79 31 3a 71 65                     n..1:y1:qe
    Data: 64313a6164323a696432303a8a7954efc86f6745b6339fcc3aa6b68feeebc00765313a71…
    [Length: 58]

I apologize if these are expected. I only ever use torrents to download Linux ISOs, so I'm not as familiar with the protocol as I ought to be. I tried Googling these all morning but it was difficult to find a correct search phrase that Google would respect.

If there is any additional information you need, please feel free to ask as I'd be happy to provide as much as possible.

Thanks for any help.

Also, as a side-note, the forum does not appear to work well with the Brave browser. When I tried creating an account I was in an endless Accept Terms --> Create Account --> Prove I'm a Human Bean --> Accept Terms loop. This was with all extensions disabled and JS enabled. Eventually, I created an account with Chrome. I then logged in to the account in the Brave browser, wrote out a version of the above thread, hit Preview, was asked to log back in and the thread was gone when I logged in again. Just an FYI.
darmok
Posts: 119
Joined: Tue Oct 16, 2007 9:14 pm
Location: New Jersey, USA

Re: transmission-daemon Suspicious Activity

Post by darmok »

How many torrents do you have loaded?

wrt Brave - I've had that experience also, & with other forum/coms software. *shrug* That's why the spaghetti god provided multiple browsers.