For your example blocked packet, the key indicator is the destination port, 123. That is the network time protocol port. And so the hint is that the service is NTP, which Ubuntu does run. The second indicator is the destination address which looks up as
golem.canonical.com, which I assume is the Ubuntu NTP host. Actually, doiing a reverse lookup for
ntp.ubuntu.com gives the same IP, so it has some alias':
$ nslookup ntp.ubuntu.com Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: ntp.ubuntu.com Address: 22.214.171.124 Name: ntp.ubuntu.com Address: 126.96.36.199 Name: ntp.ubuntu.com Address: 188.8.131.52 Name: ntp.ubuntu.com Address: 184.108.40.206
Therefore the service is NTP.
Check via (this example is on a server, maybe desktops are the same):
$ systemctl status systemd-timesyncd ● systemd-timesyncd.service - Network Time Synchronization Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-08-19 15:22:05 PDT; 16h ago Docs: man:systemd-timesyncd.service(8) Main PID: 640 (systemd-timesyn) Status: "Initial synchronization to time server 220.127.116.11:123 (ntp.ubuntu.com)." Tasks: 2 (limit: 18892) Memory: 1.2M CGroup: /system.slice/systemd-timesyncd.service └─640 /lib/systemd/systemd-timesyncd Aug 19 15:22:05 s18 systemd: Starting Network Time Synchronization... Aug 19 15:22:05 s18 systemd: Started Network Time Synchronization. Aug 19 15:22:11 s18 systemd-timesyncd: Network configuration changed, trying to establish connection. Aug 19 15:22:11 s18 systemd-timesyncd: Initial synchronization to time server 18.104.22.168:123 (ntp.ubuntu.com).
While mine is working, yours will have failed to sync because you blocked the packets.