> I believe that the filtering is incorrect, and that the machine
> returning its packet from a high port is correct, if unusual. I'm not
> entirely sure *why* I believe that, though.
I'm with Hugo - except I do know why I believe that.
UDP is a connectionless protocol; all that matters is what's in the
payload. Previous packets in the datastream are irrelevant to the delivery
of this one.
So the fact that it's coming from a different source port to the one that
the previous packet went to doesn't matter; it's still a UDP packet, and
that doesn't depend on any connection state.
> Do you have any packet filtering firewalls between the machines
> (particularly NAT or any other kind of stateful packet tracking)?
That's exactly where I'd be looking. This would appear to be a
miscofigured filter somewhere...
Vic.
