22:11:16 firewall,info input: in:(unknown) out:(none), proto UDP, 127.0.0.1:1719->127.0.0.1:32774, len 41
22:11:16 firewall,info input: in:(unknown) out:(none), proto UDP, 127.0.0.1:32774->127.0.0.1:1719, len 173
22:11:19 firewall,info input: in:(unknown) out:(none), proto UDP, 127.0.0.1:1719->127.0.0.1:32774, len 41
22:11:19 firewall,info input: in:(unknown) out:(none), proto UDP, 127.0.0.1:32774->127.0.0.1:1719, len 173
22:11:22 firewall,info input: in:(unknown) out:(none), proto UDP, 127.0.0.1:1719->127.0.0.1:32774, len 41
22:11:25 firewall,info input: in:(unknown) out:(none), proto UDP, 127.0.0.1:1719->127.0.0.1:32774, len 88
Cannot figure out what would be generating that traffic… and how did it get 127.0.0.1.
That would be some kind of locally generated traffic.
127.0.0.1 and i guess loopback exists even if it’s not available in routeros. Why they try to hide loopback interface or 127.0.0.1 this way i do not know, it benefits no one(!!).
It’s hitting the input chain, however I cannot packet sniff and find those packets. Its showing unknown and none for the in and out interfaces - so I assume I have ghost inside my machine. I couldn’t find anything on those 2 ports as being used by RouterOS …
You can’t packet sniff it because you can’t packet sniff the loopback interface. They do not make loopback interface available in routeros.
Input and output are traversed even for traffic from localhost to localhost.