 Network Recon Payload unknown(?) ICMP/NTP traffic. Help please


etherxrally

Running payload Network Recon Payload with email exfiltration, I am getting traffic from the SharkJack that I am trying to understand. I am monitoring the traffic, and when it runs the payload I get two ICMP type 3 code 3 messages. Each message is to a different address. Each time I run the payload, the destination address changes to seemingly random addresses. The source port is 123 and the destination port is random (also seems backward to me). I don't see where any of this is part of the script. So I have some questions:

1. Does anyone know if this is part of SharkJack normal behavior? (running 1.1.0 firmware)

2. Does anyone know if this is part of the payload? If so, where is it pulling the IP addresses or hostnames from?

I have installed Mutt, curl, msmtp, via Opkg if that matters. This traffic seems suspicious as it is not advertised well in any of the payload descriptions. 

 


Archived

This topic is now archived and is closed to further replies.
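As an added example (not part of the original post and not Hak5 code): an ICMP type 3 code 3 message is "destination unreachable, port unreachable", and per RFC 792 it quotes the IP header plus the first 8 bytes of the datagram that was refused, so the UDP ports seen inside it belong to that original datagram and not to the ICMP sender. The parser below separates the two layers; the addresses and ports in the sample packet are constructed documentation values, not taken from the capture described above.

```python
import socket
import struct

def _ipv4(src, dst, proto, payload):
    # Minimal 20-byte IPv4 header; checksum left at 0 for this constructed sample.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_sample():
    # Constructed sample: 203.0.113.5:123 sent UDP to 192.0.2.10:41234,
    # and 192.0.2.10 answered with ICMP type 3 code 3.
    udp = struct.pack("!HHHH", 123, 41234, 56, 0)       # sport, dport, length, checksum
    quoted = _ipv4("203.0.113.5", "192.0.2.10", 17, udp)
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + quoted    # type, code, checksum, unused
    return _ipv4("192.0.2.10", "203.0.113.5", 1, icmp)

def parse_port_unreachable(packet):
    """Return both layers of an ICMP port-unreachable packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                                     # not ICMP, or truncated
    if (packet[ihl], packet[ihl + 1]) != (3, 3):
        return None                                     # not type 3 code 3
    quoted = packet[ihl + 8:]                           # refused datagram starts here
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 4:
        return None                                     # quoted datagram is not UDP
    sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    return {
        "icmp_sender": socket.inet_ntoa(packet[12:16]),  # host that refused the datagram
        "icmp_target": socket.inet_ntoa(packet[16:20]),
        "orig_src": socket.inet_ntoa(quoted[12:16]),     # host that sent the datagram
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "orig_sport": sport,
        "orig_dport": dport,
    }

def describe(info):
    return (f"{info['icmp_sender']} refused a UDP datagram that "
            f"{info['orig_src']}:{info['orig_sport']} sent to its port {info['orig_dport']}")

if __name__ == "__main__":
    print(describe(parse_port_unreachable(build_sample())))
```

Read this way, a quoted source port of 123 with a high destination port means the refused datagram came from UDP port 123 on the remote host and was addressed to a port that was not open on the host that sent the ICMP message.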
