View Single Post
Old 3rd January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

You could check netstat -s | grep route for stats of non-routable packets
Code:
$netstat -s | grep route
        0 output packets discarded due to no route
        0 SYNs dropped (no route or no space)
        0 output packets discarded due to no route
                0 no route
        0 bad router solicitation messages
        0 bad router advertisement messages
Or browse the complete output with netstat -s | less or netstat -ss | less.

I also noticed that your iPhone could send several requests out and received the corresponding replies.

RE port 1900

Code:
$ grep 1900 /etc/services                   
ssdp            1900/tcp                        # SSDP
ssdp            1900/udp                        # SSDP
The Simple Service Discovery Protocol entry on wikipedia states
Quote:
Originally Posted by wikipedia
Simple Service Discovery Protocol (SSDP) is an expired IETF Internet draft by Microsoft and Hewlett-Packard. SSDP is the basis of the discovery protocol of Universal plug-and-play.

SSDP provides a mechanism which network clients can use to discover network services. Clients can use SSDP with little or no static configuration.

SSDP uses UDP unicast and multicast packets to advertise available services. The multicast address used is 239.255.255.250 in IPv4
[snip]
SSDP uses port 1900.
Also see http://en.wikipedia.org/wiki/Universal_Plug_and_Play.

The Zeroconf entry mentions the 169.254.0.0/16 block which also could be seen in the tcpdump captures.

I hope the netstat -s output of the OBSD firewall gives us some clue what is wrong.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote