Hi,
I do not understand why and what Azureus is doing.
When Azureus 2.3.0.4 is running, every minute shorewall drops 1 UDP packet
that was destined to my PC port 8008 (I understand 8008 is an alternative for http port 80).
Shorewall and ethereal reports are below.
(I have set up shorewall to drop any incoming ping, so I set shorewall
to drop any incoming udp packet but the one from the cable company).
I run a router with integrated firewall (192.168.0.1).
My PC is 192.168.0.131, and runs shorewall (hence 2 firewalls in series).
Azureus is working OK; its documentation only talks about
opening ports 6881 through 6889 (for TCP). Only a very good look at the
documentation showed that UDP is mentioned somewhere as being needed as well on the same ports (but not 8008). I do not run any HTTP server on my PC.
Here is what I do not understand:
- The azureus doc does not mention port 8008 (as far as I could tell)
- my PC wants to talk to 239.255.255.250. According to
http://ws.arin.net/cgi-bin/whois.pl this is a reserved address
- The protocol is SSDP, if I understand correctly shorewall is dropping
a packet that says that a HTTP/1.1 server? is available. What is this for?
In the process I have learned how to use tcpdump and ethereal, so this
is good for a newbie. But now I need some guidance to go further. Thanks in advance.
Code:
Aug 30 19:57:02 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=mac_address SRC=192.168.0.1 DST=192.168.0.131 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=8465 PROTO=UDP SPT=1900 DPT=8008 LEN=228
Aug 30 19:58:02 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=mac_address SRC=192.168.0.1 DST=192.168.0.131 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=8721 PROTO=UDP SPT=1900 DPT=8008 LEN=228
If I understand correctly, my PC (i.e. Azureus) looks for 239.255.255.250.
It then receives an OK response that is dropped by shorewall.
Code:
No. Time Source Destination Protocol Info
1 0.000000 192.168.0.131 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
2 0.001957 192.168.0.1 192.168.0.131 SSDP HTTP/1.1 200 OK
3 60.001875 192.168.0.131 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
4 60.003840 192.168.0.1 192.168.0.131 SSDP HTTP/1.1 200 OK
5 120.003760 192.168.0.131 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
6 120.005732 192.168.0.1 192.168.0.131 SSDP HTTP/1.1 200 OK
7 180.005678 192.168.0.131 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
8 180.007648 192.168.0.1 192.168.0.131 SSDP HTTP/1.1 200 OK
Here are the details of the first two frames:
Code:
No. Time Source Destination Protocol Info
1 0.000000 192.168.0.131 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
Frame 1 (143 bytes on wire, 143 bytes captured)
    Arrival Time: Aug 30, 2005 18:50:02.809540000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 143 bytes
    Capture Length: 143 bytes
    Protocols in frame: eth:ip:udp:http
Ethernet II, Src: somemacadd, Dst: somemacadd2
    Destination: somemacadd2 (somemacadd2)
    Source: somemacadd (AsustekC_)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.131 (192.168.0.131), Dst Addr: 239.255.255.250 (239.255.255.250)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 129
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 1
    Protocol: UDP (0x11)
    Header checksum: 0xc846 (correct)
    Source: 192.168.0.131 (192.168.0.131)
    Destination: 239.255.255.250 (239.255.255.250)
User Datagram Protocol, Src Port: http-alt (8008), Dst Port: 1900 (1900)
    Source port: http-alt (8008)
    Destination port: 1900 (1900)
    Length: 109
    Checksum: 0x362a (correct)
Hypertext Transfer Protocol
    M-SEARCH * HTTP/1.1\r\n
        Request Method: M-SEARCH
        Request URI: *
        Request Version: HTTP/1.1
    ST: upnp:rootdevice\r\n
    MX: 3\r\n
    MAN: "ssdp:discover"\r\n
    HOST: 239.255.255.250:1900\r\n
    \r\n
No. Time Source Destination Protocol Info
2 0.001957 192.168.0.1 192.168.0.131 SSDP HTTP/1.1 200 OK
Frame 2 (262 bytes on wire, 262 bytes captured)
    Arrival Time: Aug 30, 2005 18:50:02.811497000
    Time delta from previous packet: 0.001957000 seconds
    Time since reference or first frame: 0.001957000 seconds
    Frame Number: 2
    Packet Length: 262 bytes
    Capture Length: 262 bytes
    Protocols in frame: eth:ip:udp:http
Ethernet II, Src: anothermac, Dst: somemacadd
    Destination: somemacadd (AsustekC_)
    Source: (D-Link_26)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.1 (192.168.0.1), Dst Addr: 192.168.0.131 (192.168.0.131)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 248
    Identification: 0x9f08 (40712)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x5918 (correct)
    Source: 192.168.0.1 (192.168.0.1)
    Destination: 192.168.0.131 (192.168.0.131)
User Datagram Protocol, Src Port: 1900 (1900), Dst Port: http-alt (8008)
    Source port: 1900 (1900)
    Destination port: http-alt (8008)
    Length: 228
    Checksum: 0xf1b4 (correct)
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
        Request Version: HTTP/1.1
        Response Code: 200
    ST:upnp:rootdevice\r\n
    USN:uuid: removed by us ::upnp:rootdevice\r\n
    Location:http://192.168.0.1:80/desc.xml\r\n
    Cache-Control:max-age=1800\r\n
    Server:IGD-HTTP/1.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n
    Ext:\r\n
    \r\n
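
Added example, not part of the original post: a Python sketch that parses Shorewall log lines like the ones above and picks out dropped unicast UDP datagrams sent from port 1900 (the SSDP port seen in the capture), grouped by source, destination and destination port, with the gap between drops. The sample log (the two drops from the post re-joined onto one line each, plus a made-up TCP drop) and all function names are constructed for illustration; treating "UDP from source port 1900 to a unicast address" as an SSDP search reply is a heuristic.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

SSDP_PORT = 1900  # UDP port used by SSDP (UPnP discovery)

# Constructed sample: the two drops from the post, re-joined onto one line
# each, plus one made-up TCP drop that must not be classified as SSDP.
COMMON = "localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=mac_address "
SAMPLE_LOG = "\n".join([
    "Aug 30 19:57:02 " + COMMON + "SRC=192.168.0.1 DST=192.168.0.131 LEN=248 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=8465 PROTO=UDP SPT=1900 DPT=8008 LEN=228",
    "Aug 30 19:57:40 " + COMMON + "SRC=192.168.0.77 DST=192.168.0.131 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=23 SYN",
    "Aug 30 19:58:02 " + COMMON + "SRC=192.168.0.1 DST=192.168.0.131 LEN=248 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=8721 PROTO=UDP SPT=1900 DPT=8008 LEN=228",
])

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Shorewall:([^:]+):([^:]+):(.*)$")

def parse_line(line):
    """Return the key=value fields of one Shorewall log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(4).split() if "=" in kv)
    fields["time"] = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    fields["chain"], fields["action"] = m.group(2), m.group(3)
    return fields

def is_ssdp_reply(f):
    """Heuristic: unicast UDP datagram whose source port is 1900."""
    return (f.get("PROTO") == "UDP" and f.get("SPT") == str(SSDP_PORT)
            and not ip_address(f["DST"]).is_multicast)

def summarize(log):
    """Group dropped SSDP replies by (src, dst, dport); report count and gaps."""
    times = defaultdict(list)
    for f in filter(None, map(parse_line, log.splitlines())):
        if f["action"] == "DROP" and is_ssdp_reply(f):
            times[(f["SRC"], f["DST"], int(f["DPT"]))].append(f["time"])
    return {k: {"count": len(t),
                "intervals": [(b - a).total_seconds() for a, b in zip(t, t[1:])]}
            for k, t in times.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```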