Thu, 25 Mar 2010 20:55:24 -0400 <[email protected]> wrote:
>
> > r...@localhost:~# tcpdump -pni br200 host 10.254.2.254
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on br200, link-type EN10MB (Ethernet), capture size 96 bytes
> > 20:05:40.718890 IP 10.254.2.1.40570 > 10.254.2.254.53: 57874+ A? google.com. (28)
> > 20:05:45.718145 arp who-has 10.254.2.254 tell 10.254.2.1
> > 20:05:45.718627 arp reply 10.254.2.254 is-at 00:16:3e:11:11:03
> > 20:05:45.718867 IP 10.254.2.1.40570 > 10.254.2.254.53: 57874+ A? google.com. (28)
> > 20:05:50.719166 IP 10.254.2.1.40570 > 10.254.2.254.53: 57874+ A? google.com. (28)
> > 20:06:03.271249 IP 10.254.2.254.42132 > 239.255.255.250.1900: UDP, length 273
>
> 239... is a multicast range (I learned the hard way last week when I
> bet a colleague that 224... was the only multicast range)
>
> Why does a DNS query turn into a multicast something or other? No idea,
> sorry...
>
>
It's port 1900, UPnP
https://www.grc.com/port_1900.htm

Additionally, since my router (at 10.254.2.254) is running pfSense (a FreeBSD
router distro), I found that I was able to run the dig and netstat commands from
an SSH session.

My findings:

# dig @10.254.2.254 google.com
; <<>> DiG 9.4.3-P2 <<>> @10.254.2.254 google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27942
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 55 IN A 66.249.91.104
;; Query time: 4 msec
;; SERVER: 10.254.2.254#53(10.254.2.254)
;; WHEN: Fri Mar 26 01:02:53 2010
;; MSG SIZE rcvd: 44
# netstat -na
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 52 10.254.2.254.22 10.254.2.188.57059 ESTABLISHED
tcp6 0 0 *.53 *.* LISTEN
tcp4 0 0 *.53 *.* LISTEN
tcp4 0 0 *.2189 *.* LISTEN
tcp4 0 0 *.80 *.* LISTEN
tcp4 0 0 127.0.0.1.8021 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
udp4 0 0 *.67 *.*
udp6 0 0 *.53 *.*
udp4 0 0 *.53 *.*
udp4 0 0 192.168.2.2.12176 209.139.209.82.123
udp4 0 0 192.168.2.2.21273 72.55.146.217.123
udp4 0 0 192.168.2.2.60591 142.201.7.148.123
udp4 0 0 10.254.2.254.123 *.*
udp4 0 0 10.254.2.254.35906 *.*
udp4 0 0 *.1900 *.*
icm4 0 0 *.* *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
c59083f0 stream 0 0 0 0 0 0 /tmp/php-fastcgi.socket-3
c5908690 stream 0 0 0 c5908738 0 0
c5908738 stream 0 0 0 c5908690 0 0
c5908c78 stream 0 0 c5a84bdc 0 0 0 /tmp/php-fastcgi.socket-3
c5908b28 stream 0 0 c5b0b33c 0 0 0 /tmp/php-fastcgi.socket-2
c59089d8 stream 0 0 c5b0bbdc 0 0 0 /tmp/php-fastcgi.socket-1
c5908930 stream 0 0 c5b0b000 0 0 0 /tmp/php-fastcgi.socket-0
c5909000 stream 0 0 c5904ac8 0 0 0 /var/run/devd.pipe
c5908dc8 dgram 0 0 0 c5908150 0 c59091f8
c59080a8 dgram 0 0 0 c5909d20 0 0
c59091f8 dgram 0 0 0 c5908150 0 c59087e0
c59087e0 dgram 0 0 0 c5908150 0 c5909930
c5909930 dgram 0 0 0 c5908150 0 c5909888
c5909888 dgram 0 0 0 c5908150 0 c59099d8
c59099d8 dgram 0 0 0 c5908150 0 c5909c78
c5909c78 dgram 0 0 0 c5908150 0 0
c5908150 dgram 0 0 c5a84114 0 c5908dc8 0 /var/run/logpriv
c5909d20 dgram 0 0 c5a87678 0 c59080a8 0 /var/run/log

So DNS does work on this box, as it forwards DNS replies to other boxes on my
local network.
-M
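
An added example, not part of the original message: a small Python check that reads tcpdump's one-line output as quoted above, reports DNS queries that never received a reply (with the retry count), and labels multicast flows such as the SSDP/UPnP packet to 239.255.255.250:1900. The function name `analyse` is hypothetical, and the sample lines are the capture from the thread with wrapped lines re-joined.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines taken from the capture quoted in the thread (wrapped lines re-joined).
CAPTURE = """\
20:05:40.718890 IP 10.254.2.1.40570 > 10.254.2.254.53: 57874+ A? google.com. (28)
20:05:45.718145 arp who-has 10.254.2.254 tell 10.254.2.1
20:05:45.718627 arp reply 10.254.2.254 is-at 00:16:3e:11:11:03
20:05:45.718867 IP 10.254.2.1.40570 > 10.254.2.254.53: 57874+ A? google.com. (28)
20:05:50.719166 IP 10.254.2.1.40570 > 10.254.2.254.53: 57874+ A? google.com. (28)
20:06:03.271249 IP 10.254.2.254.42132 > 239.255.255.250.1900: UDP, length 273
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
IP_LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$")
DNS_ID = re.compile(r"^(\d+)")  # tcpdump prints the DNS transaction id first


def analyse(capture):
    """Return (unanswered, multicast): DNS queries with no reply, multicast flows."""
    sent = defaultdict(int)   # (client, cport, server, id) -> queries seen
    answered = set()
    multicast = []
    for line in capture.splitlines():
        m = IP_LINE.match(line)
        if not m:
            continue          # ARP and other non-IP lines
        src, sport, dst, dport, rest = m.groups()
        if ipaddress.ip_address(dst).is_multicast:  # 224.0.0.0/4, so 239.x too
            kind = "SSDP/UPnP" if dport == "1900" else "other"
            multicast.append((src, dst, int(dport), kind))
            continue
        txid = DNS_ID.match(rest)
        if not txid:
            continue
        if dport == "53" and "?" in rest:            # query: client -> server
            sent[(src, sport, dst, txid.group(1))] += 1
        elif sport == "53":                          # reply: server -> client
            answered.add((dst, dport, src, txid.group(1)))
    unanswered = {k: n for k, n in sent.items() if k not in answered}
    return unanswered, multicast


if __name__ == "__main__":
    print(analyse(CAPTURE))
```

On the quoted capture this shows one query (id 57874) sent three times with no reply, and the port 1900 packet as a separate SSDP flow originating from the router rather than a transformed DNS query.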