[SOLVED] What is that UDP traffic ?

SpongeBOB · 2022-08-05 08:31:38

Hi everyone,

I see the following in my nftable log (that has been dropped) -->

IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:****** SRC=192.168.0.1 DST=255.255.255.255 LEN=138 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=33295 DPT=5678 LEN=118

**** = mac address removed

the SRC, it the IP of this machine so I guess my machine launch a broadcast ? but which one ? from which application ?

Any idea what generate this ? I get it ~every minute.

Thanks.

auanta · 2022-08-05 13:13:07

192.168.0.1 is usually a router address. Verify that 192.168.0.1 the local router IP address for your internal network by looking in your network settings for "default gateway".

So what that line tells me is iptables is saying is that your router is broadcasting UDP packets to all devices on the network, including into your machine through the ethernet connection.

What is the port information of the UDP packets?
Are you or anyone else on your network having any problems connecting to the internet?
I wouldn't worry about it, these broadcasts are normal in a local area network. The router will happily forward UDP packets from several protocols by design: TFTP, DNS, Time, NetBIOS, ND, BOOTP or DHCP, TACACS, IEN-116

Unless you are having issues connecting to the internet, or you just want to tinker with iptables to learn how it all works, you can safely ignore it.

SpongeBOB · 2022-08-05 13:31:04

Thank you Auanta,

192.168.0.1 is the IP of the machine (not the router, there are none, this is a VM network )

I'm not using iptables but NFtables.

Last edited by SpongeBOB (2022-08-05 13:31:21)

auanta · 2022-08-05 14:34:05

SpongeBOB wrote:

Thank you Auanta,
192.168.0.1 is the IP of the machine (not the router, there are none, this is a VM network )
I'm not using iptables but NFtables.

Oh yeah, it's a vm so that makes sense. Also iptables and nftables, both firewalls so same info, I misspoke

Have you tried browsing the internet from within your Devuan VM?

As for what type of UDP traffic it is, it's harmless, but if you want to know then you'd have to look at the port number and correspond it to the protocol.

Last edited by auanta (2022-08-05 14:36:17)

SpongeBOB · 2022-08-05 15:38:53

auanta wrote:

Have you tried browsing the internet from within your Devuan VM?

I have many network, but that working when I need yes.

auanta wrote:

As for what type of UDP traffic it is, it's harmless, but if you want to know then you'd have to look at the port number and correspond it to the protocol.

You mean to look-up with --> https://en.wikipedia.org/wiki/List_of_T … rt_numbers
Port 5678 is not assigned to anything...

auanta · 2022-08-05 17:38:23

That mystery will take you a little bit of a dive into networking theory, I'd say if it's an unassigned port then one of the protocols chose it at random. So which of the above protocols choose a random UDP port? I'll let you do that one haha

Yep, so you're not having any problems with the internet so you can definitely ignore it or just research for curiosity.

SpongeBOB · 2022-08-06 10:19:37

I will "mute" this rules for the moement and when I have the time I will investigate for sure.
Thanks for your guidance.

The officially official Devuan Forum!

#1 2022-08-05 08:31:38

[SOLVED] What is that UDP traffic ?

#2 2022-08-05 13:13:07

Re: [SOLVED] What is that UDP traffic ?

#3 2022-08-05 13:31:04

Re: [SOLVED] What is that UDP traffic ?

#4 2022-08-05 14:34:05

Re: [SOLVED] What is that UDP traffic ?

#5 2022-08-05 15:38:53

Re: [SOLVED] What is that UDP traffic ?

#6 2022-08-05 17:38:23

Re: [SOLVED] What is that UDP traffic ?

#7 2022-08-06 10:19:37

Re: [SOLVED] What is that UDP traffic ?

Board footer