Re: Fw:Re: Proxy (was: Re: [Amsn-devel] WAKE UP EVERYONE!!!!) (fwd)

Le Philousophe - Phil Wed, 12 Apr 2006 11:50:05 -0700

Hi,
I am back ;)
About UDP packets : they aren't UPnP packets... They points to a M$ server... 
I let you check the join Text dump...
About UPnP, Ethereal mark them as SSDP but I think there is a bug somewhere 
since my router didn't want to reply to them (ie my NAT was marked as a 
non-UPnP NAT)
Phil


Le Tuesday 11 April 2006 22:35, Youness Alaoui a écrit :
> of course.
>
>
> On Tue, 11 Apr 2006 16:30:24 -0400, Sander Hoentjen <[EMAIL PROTECTED]>
>
> wrote:
> > and with upnp you can forward a port automatically
> >
> > On Tue, 2006-04-11 at 15:17 -0400, Youness Alaoui wrote:
> >> ok, if the ip is something like 235.235.235.235 or 255.255.255.255 or
> >> whatever, it means it uses UPNP.. UPNP is simply udp packages sent to a
> >> specific broadcast IP, so I guess it uses upnp to detect if it's behind
> >> upnp router.. but if there is no upnp router, then it must use another
> >> way
> >> to find whether it is firewalled or not (i think with upnp you can ask
> >> the
> >> router whether we're firewalled or not).
> >>
> >> KKRT
> >>
> >> On Tue, 11 Apr 2006 15:14:19 -0400, Vivia Nikolaidou
> >>
> >> <[EMAIL PROTECTED]> wrote:
> >> > Hi everyone,
> >> >
> >> > fwd-ing phil's mail as he can't send from his sf address...
> >> >
> >> > ---------- Forwarded message ----------
> >> > Date: Tue, 11 Apr 2006 21:05:14 +0200
> >> > From: "[EMAIL PROTECTED]" < >
> >> > To: vivia <[EMAIL PROTECTED]>
> >> > Subject: Fw:Re: Proxy (was: Re: [Amsn-devel] WAKE UP EVERYONE!!!!)
> >> >
> >> > Hi,
> >> > from my Uncle's home ;)
> >> > I already did the sniff and found some interesting things but it seems
> >> > it uses UDP to check the connection... Very strange... But anyway I
> >>
> >> have
> >>
> >> > the sniff and doesn't seem to be so complicated... It contains the IP
> >> > adress in hex form and a port if I remember well... Not sure though
> >>
> >> and
> >>
> >> > as I am not at home....
> >> > Phil
> >> >
> >> >  > On Mon, 10 Apr 2006, Youness Alaoui wrote:
> >> >  >
> >> >> > why name subject 'proxy' ??
> >> >>
> >> >> because i am tiiiiiiiiiiired :) ok ppl, false alarm!
> >> >>
> >> >> > anyways, the nat detection is very important IMHO, not only do we
> >>
> >> get
> >>
> >> >> > thousands of reports about "ouhh, it says I'm firewalled", but
> >>
> >> also,
> >>
> >> >> in
> >> >>
> >> >> > the case of an FT, if both use amsn, both are not firewalled but
> >>
> >> both
> >>
> >> >> > amsns think they are firewalled, they will use the SB, simply
> >>
> >> because
> >>
> >> >> > FTs don't work the same as webcams...
> >> >>
> >> >> yeah but it will work, even if it's slow!
> >> >>
> >> >> > disassembling ink will take years, same for audio clips and
> >>
> >> 'whatever
> >>
> >> >> > fancy M$ thing', while nat detection is not that difficult maybe a
> >> >> > simple sniff will give us a very simple solution, maybe not...
> >>
> >> maybe
> >>
> >> >> > we'll need the hostname of the port checker and for that, we'll
> >>
> >> just
> >>
> >> >> > have to disassemble and look for 'nat' in the strings the
> >>
> >> executable
> >>
> >> >> > contains.. maybe there's a proprietary hash that needs to be RE-ed
> >>
> >> and
> >>
> >> >> > in that case, it will take too long and at that point it's not
> >> >>
> >> >> necessary
> >> >>
> >> >> > anymore, we'll have to find another server than MS servers... but I
> >> >> > still think it's worth it to spend some time on this issue...
> >> >>
> >> >> yeah, if you put it this way :) if we can find it without RE-ing,
> >>
> >> sure!
> >>
> >> >> now who's going to sniff M$N? :P
> >> >>
> >> >>
> >> >> -------------------------------------------------------
> >> >> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >> >> language
> >> >> that extends applications into web and mobile media. Attend the live
> >> >> webcast
> >> >> and join the prime developer group breaking into this new coding
> >> >> territory!
> >>
> >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> >>
> >> >> _______________________________________________
> >> >> Amsn-devel mailing list
> >> >> Amsn-devel@lists.sourceforge.net
> >> >> https://lists.sourceforge.net/lists/listinfo/amsn-devel
> >> >
> >> > Accédez au courrier électronique de La Poste : www.laposte.net ;
> >> > 3615 LAPOSTENET (0,34 /mn) ; tél : 08 92 68 13 50 (0,34/mn)
> >> >
> >> > Accédez au courrier électronique de La Poste : www.laposte.net ;
> >> > 3615 LAPOSTENET (0,34 €/mn) ; tél : 08 92 68 13 50 (0,34€/mn)
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by xPML, a groundbreaking scripting
> > language
> > that extends applications into web and mobile media. Attend the live
> > webcast
> > and join the prime developer group breaking into this new coding
> > territory!
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
> > _______________________________________________
> > Amsn-devel mailing list
> > Amsn-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/amsn-devel

No.     Time        Source                Destination           Protocol Info
     67 2.989261    192.168.0.3           64.4.12.200           UDP      Source 
port: starschool  Destination port: afs3-callback

Frame 67 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Feb 18, 2006 11:39:05.791010000
    Time delta from previous packet: 2.989261000 seconds
    Time since reference or first frame: 2.989261000 seconds
    Frame Number: 67
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a), Dst: Netgear_15:a5:80 
(00:0f:b5:15:a5:80)
    Destination: Netgear_15:a5:80 (00:0f:b5:15:a5:80)
    Source: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 64.4.12.200 
(64.4.12.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x66a2 (26274)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xc6a3 [correct]
        Good: True
        Bad : False
    Source: 192.168.0.3 (192.168.0.3)
    Destination: 64.4.12.200 (64.4.12.200)
User Datagram Protocol, Src Port: starschool (2270), Dst Port: afs3-callback 
(7001)
    Source port: starschool (2270)
    Destination port: afs3-callback (7001)
    Length: 28
    Checksum: 0xcc03 [correct]
Data (20 bytes)

0000  00 0f b5 15 a5 80 00 0c 6e 48 0c 2a 08 00 45 00   ........nH.*..E.
0010  00 30 66 a2 00 00 80 11 c6 a3 c0 a8 00 03 40 04   [EMAIL PROTECTED]
0020  0c c8 08 de 1b 59 00 1c cc 03 02 04 00 00 00 00   .....Y..........
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00         ..............

No.     Time        Source                Destination           Protocol Info
     68 2.990296    192.168.0.3           64.4.12.200           UDP      Source 
port: mmcals  Destination port: afs3-callback

Frame 68 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Feb 18, 2006 11:39:05.792045000
    Time delta from previous packet: 0.001035000 seconds
    Time since reference or first frame: 2.990296000 seconds
    Frame Number: 68
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a), Dst: Netgear_15:a5:80 
(00:0f:b5:15:a5:80)
    Destination: Netgear_15:a5:80 (00:0f:b5:15:a5:80)
    Source: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 64.4.12.200 
(64.4.12.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x66a3 (26275)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xc6a2 [correct]
        Good: True
        Bad : False
    Source: 192.168.0.3 (192.168.0.3)
    Destination: 64.4.12.200 (64.4.12.200)
User Datagram Protocol, Src Port: mmcals (2271), Dst Port: afs3-callback (7001)
    Source port: mmcals (2271)
    Destination port: afs3-callback (7001)
    Length: 28
    Checksum: 0x0872 [correct]
Data (20 bytes)

0000  00 0f b5 15 a5 80 00 0c 6e 48 0c 2a 08 00 45 00   ........nH.*..E.
0010  00 30 66 a3 00 00 80 11 c6 a2 c0 a8 00 03 40 04   [EMAIL PROTECTED]
0020  0c c8 08 df 1b 59 00 1c 08 72 02 01 41 31 41 31   .....Y...r..A1A1
0030  41 31 00 00 00 00 00 00 00 00 00 00 00 00         A1............

No.     Time        Source                Destination           Protocol Info
     73 3.171928    64.4.12.200           192.168.0.3           UDP      Source 
port: afs3-callback  Destination port: mmcals

Frame 73 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Feb 18, 2006 11:39:05.973677000
    Time delta from previous packet: 0.181632000 seconds
    Time since reference or first frame: 3.171928000 seconds
    Frame Number: 73
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: Netgear_15:a5:80 (00:0f:b5:15:a5:80), Dst: AsustekC_48:0c:2a 
(00:0c:6e:48:0c:2a)
    Destination: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a)
    Source: Netgear_15:a5:80 (00:0f:b5:15:a5:80)
    Type: IP (0x0800)
Internet Protocol, Src: 64.4.12.200 (64.4.12.200), Dst: 192.168.0.3 
(192.168.0.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x0fa7 (4007)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 53
    Protocol: UDP (0x11)
    Header checksum: 0x689f [correct]
        Good: True
        Bad : False
    Source: 64.4.12.200 (64.4.12.200)
    Destination: 192.168.0.3 (192.168.0.3)
User Datagram Protocol, Src Port: afs3-callback (7001), Dst Port: mmcals (2271)
    Source port: afs3-callback (7001)
    Destination port: mmcals (2271)
    Length: 28
    Checksum: 0x0000 (none)
Data (20 bytes)

0000  00 0c 6e 48 0c 2a 00 0f b5 15 a5 80 08 00 45 00   ..nH.*........E.
0010  00 30 0f a7 00 00 35 11 68 9f 40 04 0c c8 c0 a8   [EMAIL PROTECTED]
0020  00 03 1b 59 08 df 00 1c 00 00 02 02 49 ee 13 4d   ...Y........I..M
0030  83 9c 41 38 5a 68 01 35 4d f8 00 00 00 00         ..A8Zh.5M.....

No.     Time        Source                Destination           Protocol Info
    151 18.210509   192.168.0.3           64.4.12.201           UDP      Source 
port: mmcals  Destination port: discard

Frame 151 (42 bytes on wire, 42 bytes captured)
    Arrival Time: Feb 18, 2006 11:39:21.012258000
    Time delta from previous packet: 15.038581000 seconds
    Time since reference or first frame: 18.210509000 seconds
    Frame Number: 151
    Packet Length: 42 bytes
    Capture Length: 42 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a), Dst: Netgear_15:a5:80 
(00:0f:b5:15:a5:80)
    Destination: Netgear_15:a5:80 (00:0f:b5:15:a5:80)
    Source: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 64.4.12.201 
(64.4.12.201)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 28
    Identification: 0x671a (26394)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xc63e [correct]
        Good: True
        Bad : False
    Source: 192.168.0.3 (192.168.0.3)
    Destination: 64.4.12.201 (64.4.12.201)
User Datagram Protocol, Src Port: mmcals (2271), Dst Port: discard (9)
    Source port: mmcals (2271)
    Destination port: discard (9)
    Length: 8
    Checksum: 0xe97d [correct]

0000  00 0f b5 15 a5 80 00 0c 6e 48 0c 2a 08 00 45 00   ........nH.*..E.
0010  00 1c 67 1a 00 00 80 11 c6 3e c0 a8 00 03 40 04   ..g......>[EMAIL 
PROTECTED]
0020  0c c9 08 df 00 09 00 08 e9 7d                     .........}

No.     Time        Source                Destination           Protocol Info
    152 18.210630   192.168.0.3           64.4.12.200           UDP      Source 
port: mmcals  Destination port: afs3-callback

Frame 152 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Feb 18, 2006 11:39:21.012379000
    Time delta from previous packet: 0.000121000 seconds
    Time since reference or first frame: 18.210630000 seconds
    Frame Number: 152
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a), Dst: Netgear_15:a5:80 
(00:0f:b5:15:a5:80)
    Destination: Netgear_15:a5:80 (00:0f:b5:15:a5:80)
    Source: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 64.4.12.200 
(64.4.12.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x671b (26395)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0xc62a [correct]
        Good: True
        Bad : False
    Source: 192.168.0.3 (192.168.0.3)
    Destination: 64.4.12.200 (64.4.12.200)
User Datagram Protocol, Src Port: mmcals (2271), Dst Port: afs3-callback (7001)
    Source port: mmcals (2271)
    Destination port: afs3-callback (7001)
    Length: 28
    Checksum: 0x005e [correct]
Data (20 bytes)

0000  00 0f b5 15 a5 80 00 0c 6e 48 0c 2a 08 00 45 00   ........nH.*..E.
0010  00 30 67 1b 00 00 80 11 c6 2a c0 a8 00 03 40 04   [EMAIL PROTECTED]
0020  0c c8 08 df 1b 59 00 1c 00 5e 02 03 49 ee 13 4d   .....Y...^..I..M
0030  83 9c 41 38 5a 68 01 35 4d f8 00 00 00 00         ..A8Zh.5M.....

No.     Time        Source                Destination           Protocol Info
    154 18.387915   64.4.12.201           192.168.0.3           UDP      Source 
port: afs3-callback  Destination port: mmcals

Frame 154 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Feb 18, 2006 11:39:21.189664000
    Time delta from previous packet: 0.177285000 seconds
    Time since reference or first frame: 18.387915000 seconds
    Frame Number: 154
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: Netgear_15:a5:80 (00:0f:b5:15:a5:80), Dst: AsustekC_48:0c:2a 
(00:0c:6e:48:0c:2a)
    Destination: AsustekC_48:0c:2a (00:0c:6e:48:0c:2a)
    Source: Netgear_15:a5:80 (00:0f:b5:15:a5:80)
    Type: IP (0x0800)
Internet Protocol, Src: 64.4.12.201 (64.4.12.201), Dst: 192.168.0.3 
(192.168.0.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x6a22 (27170)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 52
    Protocol: UDP (0x11)
    Header checksum: 0x0f23 [correct]
        Good: True
        Bad : False
    Source: 64.4.12.201 (64.4.12.201)
    Destination: 192.168.0.3 (192.168.0.3)
User Datagram Protocol, Src Port: afs3-callback (7001), Dst Port: mmcals (2271)
    Source port: afs3-callback (7001)
    Destination port: mmcals (2271)
    Length: 28
    Checksum: 0x0000 (none)
Data (20 bytes)

0000  00 0c 6e 48 0c 2a 00 0f b5 15 a5 80 08 00 45 00   ..nH.*........E.
0010  00 30 6a 22 00 00 34 11 0f 23 40 04 0c c9 c0 a8   .0j"[EMAIL PROTECTED]
0020  00 03 1b 59 08 df 00 1c 00 00 02 02 49 ee 13 4d   ...Y........I..M
0030  83 9c 41 38 41 31 41 31 41 31 00 00 00 00         ..A8A1A1A1....

Re: Fw:Re: Proxy (was: Re: [Amsn-devel] WAKE UP EVERYONE!!!!) (fwd)

Reply via email to