Old 08-31-2005, 07:06 AM   #1
Emmanuel_uk

Azureus + firewall: UDP-discovery, dropped packets, port 8008 alt_http. What is Azureus doing?


Hi,

I do not understand why and what Azureus is doing.
When Azureus 2.3.0.4 is running, every minute shorewall drops 1 UDP packet
that was destined to my PC port 8008 (I understand 8008 is an alternative for http port 80).
Shorewall and ethereal reports are below.

(I have set up shorewall to drop any incoming ping, so I set shorewall
to drop any incoming udp packet but the one from the cable company).
I run a router with integrated firewall (192.168.0.1).
My PC is 192.168.0.131, and runs shorewall (hence 2 firewalls in series).
Azureus is working ok; its documentation only talks about
opening ports 6881 through 6889 (for tcp). Only a very good look at the
documentation quoted somewhere udp being needed as well on the same ports (but not 8008). I do not run any http server on my PC.

Here is what I do not understand:
- The azureus doc does not mention port 8008 (as far as I could tell)
- my PC wants to talk to 239.255.255.250
According to http://ws.arin.net/cgi-bin/whois.pl this is a reserved address
- The protocol is SSDP, if I understand correctly shorewall is dropping
a packet that says that an HTTP/1.1 server? is available. What is this for?

In the process I have learned how to use tcpdump and ethereal, so this
is good for a newbie. But now I need some guidance to go further. Thanks in advance.

Code:
Aug 30 19:57:02 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=mac_address SRC=192.168.0.1
DST=192.168.0.131 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=8465 PROTO=UDP
SPT=1900 DPT=8008 LEN=228

Aug 30 19:58:02 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=mac_address SRC=192.168.0.1
DST=192.168.0.131 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=8721 PROTO=UDP
SPT=1900 DPT=8008 LEN=228
If I understand correctly, my PC (i.e. azureus) looks for 239.255.255.250.
It then receives an OK response that is dropped by shorewall.

Code:
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.0.131         239.255.255.250       SSDP     M-SEARCH * HTTP/1.1
      2 0.001957    192.168.0.1           192.168.0.131         SSDP     HTTP/1.1 200 OK
      3 60.001875   192.168.0.131         239.255.255.250       SSDP     M-SEARCH * HTTP/1.1
      4 60.003840   192.168.0.1           192.168.0.131         SSDP     HTTP/1.1 200 OK
      5 120.003760  192.168.0.131         239.255.255.250       SSDP     M-SEARCH * HTTP/1.1
      6 120.005732  192.168.0.1           192.168.0.131         SSDP     HTTP/1.1 200 OK
      7 180.005678  192.168.0.131         239.255.255.250       SSDP     M-SEARCH * HTTP/1.1
      8 180.007648  192.168.0.1           192.168.0.131         SSDP     HTTP/1.1 200 OK
Here is the detail of the first two frames

Code:
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.0.131         239.255.255.250       SSDP     M-SEARCH * HTTP/1.1

Frame 1 (143 bytes on wire, 143 bytes captured)
    Arrival Time: Aug 30, 2005 18:50:02.809540000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 143 bytes
    Capture Length: 143 bytes
    Protocols in frame: eth:ip:udp:http
Ethernet II, Src: somemacadd, Dst: somemacadd2
    Destination: somemacadd2 (somemacadd2)
    Source: somemacadd (AsustekC_)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.131 (192.168.0.131), Dst Addr: 239.255.255.250 (239.255.255.250)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 129
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 1
    Protocol: UDP (0x11)
    Header checksum: 0xc846 (correct)
    Source: 192.168.0.131 (192.168.0.131)
    Destination: 239.255.255.250 (239.255.255.250)
User Datagram Protocol, Src Port: http-alt (8008), Dst Port: 1900 (1900)
    Source port: http-alt (8008)
    Destination port: 1900 (1900)
    Length: 109
    Checksum: 0x362a (correct)
Hypertext Transfer Protocol
    M-SEARCH * HTTP/1.1\r\n
        Request Method: M-SEARCH
        Request URI: *
        Request Version: HTTP/1.1
    ST: upnp:rootdevice\r\n
    MX: 3\r\n
    MAN: "ssdp:discover"\r\n
    HOST: 239.255.255.250:1900\r\n
    \r\n

No.     Time        Source                Destination           Protocol Info
      2 0.001957    192.168.0.1           192.168.0.131         SSDP     HTTP/1.1 200 OK

Frame 2 (262 bytes on wire, 262 bytes captured)
    Arrival Time: Aug 30, 2005 18:50:02.811497000
    Time delta from previous packet: 0.001957000 seconds
    Time since reference or first frame: 0.001957000 seconds
    Frame Number: 2
    Packet Length: 262 bytes
    Capture Length: 262 bytes
    Protocols in frame: eth:ip:udp:http
Ethernet II, Src: anothermac, Dst: somemacadd
    Destination: somemacadd (AsustekC_)
    Source:  (D-Link_26)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.1 (192.168.0.1), Dst Addr: 192.168.0.131 (192.168.0.131)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 248
    Identification: 0x9f08 (40712)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x5918 (correct)
    Source: 192.168.0.1 (192.168.0.1)
    Destination: 192.168.0.131 (192.168.0.131)
User Datagram Protocol, Src Port: 1900 (1900), Dst Port: http-alt (8008)
    Source port: 1900 (1900)
    Destination port: http-alt (8008)
    Length: 228
    Checksum: 0xf1b4 (correct)
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
        Request Version: HTTP/1.1
        Response Code: 200
    ST:upnp:rootdevice\r\n
    USN:uuid: removed by us ::upnp:rootdevice\r\n
    Location:http://192.168.0.1:80/desc.xml\r\n
    Cache-Control:max-age=1800\r\n
    Server:IGD-HTTP/1.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n
    Ext:\r\n
    \r\n
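
Added example, not part of the original post: a Python script that parses Shorewall drop lines like the ones above and labels those that are unicast SSDP replies to the host's own multicast M-SEARCH. It uses a simplified model of stateful reply matching (a reply counts as established only when it mirrors the request's addresses and ports; here the request went to 239.255.255.250:1900 but the answer came from 192.168.0.1:1900, so it is treated as a new inbound packet). The log text is the post's two entries joined onto one line each plus one constructed TCP drop from 192.168.0.77, and all function names are hypothetical.

```python
import re
from datetime import datetime
SSDP_GROUP = "239.255.255.250"
# Outbound M-SEARCH flow from the post's capture: (src, sport, dst, dport).
OUTBOUND = [("192.168.0.131", "8008", SSDP_GROUP, "1900")]
# Constructed input: the post's two Shorewall entries joined onto one line each,
# plus one invented TCP drop from 192.168.0.77 for contrast.
SAMPLE_LOG = """\
Aug 30 19:57:02 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=mac_address SRC=192.168.0.1 DST=192.168.0.131 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=8465 PROTO=UDP SPT=1900 DPT=8008 LEN=228
Aug 30 19:58:02 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=mac_address SRC=192.168.0.1 DST=192.168.0.131 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=8721 PROTO=UDP SPT=1900 DPT=8008 LEN=228
Aug 30 19:58:30 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=mac_address SRC=192.168.0.77 DST=192.168.0.131 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
"""

def parse_drop(line):
    """Return the KEY=value fields of one Shorewall log line, or None."""
    m = re.match(r"(\w{3} +\d+ [\d:]{8}) \S+ kernel: Shorewall:\w+:\w+:(.*)", line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group(2)))
    # syslog omits the year; 2005 is taken from the post's date.
    fields["time"] = datetime.strptime("2005 " + m.group(1), "%Y %b %d %H:%M:%S")
    return fields

def mirrors(pkt, flow):
    """Simplified stateful match: a reply must mirror the request's 4-tuple."""
    src, sport, dst, dport = flow
    return (pkt["SRC"], pkt["SPT"], pkt["DST"], pkt["DPT"]) == (dst, dport, src, sport)

def classify(pkt):
    """Label a dropped packet relative to the host's own SSDP searches."""
    for flow in OUTBOUND:
        src, sport, dst, dport = flow
        if mirrors(pkt, flow):
            return "tracked-reply"
        # Right ports and local endpoint, but a unicast source rather than the group.
        if (dst == SSDP_GROUP and pkt["PROTO"] == "UDP"
                and (pkt["SPT"], pkt["DST"], pkt["DPT"]) == (dport, src, sport)):
            return "ssdp-unicast-reply"
    return "other"

def summarize(log):
    """Return (label, SRC, DPT, seconds since previous drop with that label)."""
    rows, last = [], {}
    for pkt in filter(None, map(parse_drop, log.splitlines())):
        label = classify(pkt)
        gap = (pkt["time"] - last[label]).total_seconds() if label in last else None
        last[label] = pkt["time"]
        rows.append((label, pkt["SRC"], pkt["DPT"], gap))
    return rows
```

Calling `summarize(SAMPLE_LOG)` labels both drops from 192.168.0.1 as `ssdp-unicast-reply`, 60 seconds apart, and the TCP drop as `other`.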
 
  

