In-Depth Analyse Client-Discovery

Antworten
Benutzeravatar
Nobby1805
Moderator
Beiträge: 21372
Registriert: 6. Jun 2009, 17:40
Wohnort: Essen

In-Depth Analyse Client-Discovery

Beitrag von Nobby1805 »

Achtung: under construction !

Die Analyse der "letzten Hälfte" ist aufgrund der verschlüsselten Kommunikation fast nicht möglich, es wäre schön wenn mir jemand einen Capture-Log eines fehlerhaften Versuchs schicken könnte


Da in letzter Zeit wieder mehrfach Probleme bei der Installation des Connectors, bzw. genauer bei der Konfiguration des Clients zum Schluss der Installation, berichtet werden habe ich eine Analyse durchgeführt was dort passiert. Und da ich der Meinung bin, dass die Probleme durch falsche Firewall-Einstellungen hervor gerufen werden (auch wenn die Firewall scheinbar abgeschaltet ist) fange ich mit einer Netzwerk-Analyse an.

Die Konfiguration des Client kann jederzeit wiederholt werden wenn man Discovery.exe aufruft, das man in dem Programmverzeichnis des Home Servers auf jedem Client findet.
1.png
1.png (35.52 KiB) 2426 mal betrachtet
Das Ganze beginnt mit einem SSDP (Simple Service Discovery Protocol) Request der an die IP 239.255.255.250:1900 geschickt wird und vom WHS (oder mehreren) mit einem SSDP:Response beantwortet wird. Dieser Request wird während der gesamten Laufzeit des Discovery alle 10 Sekunden wiederholt, dabei wird jedesmal ein neuer Port auf dem Client verwendet.

Mit jeweils 5 Sekunden Versatz wird dann über eine HTTP-Abfrage geprüft ob es sich (wirklich) um einen Home-Server handelt

Code: Alles auswählen

HTTP:Request, GET /upnphost/udhisapi.dll, Query:content=uuid:948b613f-a5a0-4da3-bc37-f46b95685895
HTTP:Response, HTTP/1.1, Status: Ok, URL: /upnphost/udhisapi.dll
HTTP:HTTP Payload, URL: /upnphost/udhisapi.dll
TCP:Flags=...A...., SrcPort=1213, DstPort=2869, PayloadLen=0, Seq=1995850998, Ack=1852029338, Win=65535 (scale factor 0x0) = 65535
TCP:[Continuation to #702]Flags=...AP..., SrcPort=2869, DstPort=1213, PayloadLen=31, Seq=1852029338 - 1852029369, Ack=1995850998, Win=64735 (scale factor 0x0) = 64735
TCP:Flags=...A...., SrcPort=1213, DstPort=2869, PayloadLen=0, Seq=1995850998, Ack=1852029369, Win=65504 (scale factor 0x0) = 65504
hierzu werden währende der gesamten Laufzeit des Discovery die selben Ports verwendet: hier 1213 auf dem Client und 2869 auf dem WHS. Die 3 TCP-Pakete sind: das ACK für das HTTP-Payload, die Fortsetzung des HTTP-Payload und das ACK für die Fortsetzung

Das steht in der Payload (die grün markierten Informationen sind systemspezifisch)
<?xml version="1.0"?>
..<root xmlns="urn:schemas-upnp-org:device-1-0"
...<specVersion>
....<major>1</major>
....<minor>0</minor>
...</specVersion>
...<device>
....<URLBase>http://WHS</URLBase>
....<deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType>
....<friendlyName>WHS</friendlyName>
....<manufacturer>Microsoft Corporation</manufacturer>
....<manufacturerURL>http://go.microsoft.com/fwlink/?LinkID=93138</manufacturerURL>
....<modelDescription>Windows Home Server</modelDescription>
....<modelName>Windows Home Server</modelName>
....<modelNumber>v1.0</modelNumber>
....<modelURL>http://go.microsoft.com/fwlink/?LinkID=93139</modelURL>
....<serialNumber>unknown</serialNumber>
....<UDN>uuid:948b613f-a5a0-4da3-bc37-f46b95685895</UDN>
....<UPC>00000-00001</UPC>
....<serviceList>
.....<service>
......<serviceType>urn:microsoft-com:service:QUPNPDeviceService:1</serviceType>
......<serviceId>urn:microsoft-com:serviceId:QUPNPDeviceService1.0</serviceId>
......<controlURL>/upnphost/udhisapi.dll?control=uuid:948b613f-a5a0-4da3-bc37-f46b95685895+urn:microsoft-com:serviceId:QUPNPDeviceService1.0</controlURL>
......<eventSubURL>/upnphost/udhisapi.dll?event=uuid:948b613f-a5a0-4da3-bc37-f46b95685895+urn:microsoft-com:serviceId:QUPNPDeviceService1.0</eventSubURL>
......<SCPDURL>/upnphost/udhisapi.dll?content=uuid:a2d09215-8da2-4a11-a78e-205f5b3b0c6e</SCPDURL>
.....</service>
....</serviceList>
....<presentationURL>http://WHS/upnp/welcome.aspx?</presentationURL>
...</device>
..</root>..
es folgt der Mitschnitt des Netztraffics, die beschriebenen Blöcke sind jeweils nur als SSDP und HTTP GET markiert

Code: Alles auswählen

	Source	Dest	S-Port	D-Port		
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586939610, Ack=571554562, Win=64697
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	XP	WHS  	1213	2869	TCP	TCP:Flags=......S., SrcPort=1213, DstPort=2869, PayloadLen=0, Seq=1995850197, Ack=0, Win=65535 (  ) = 65535
Discovery.exe	WHS  	XP	2869	1213	TCP	TCP:Flags=...A..S., SrcPort=2869, DstPort=1213, PayloadLen=0, Seq=1852020973, Ack=1995850198, Win=16384 ( Scale factor not supported ) = 16384
Discovery.exe	XP	WHS  	1213	2869	TCP	TCP:Flags=...A...., SrcPort=1213, DstPort=2869, PayloadLen=0, Seq=1995850198, Ack=1852020974, Win=65535 (scale factor 0x0) = 65535
Discovery.exe					HTTP GET	
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571554813, Ack=1586939871, Win=64446
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe					HTTP GET	
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571554878, Ack=1586939936, Win=64381
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586940187, Ack=571555139, Win=64120
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe					HTTP GET	
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571555390, Ack=1586940448, Win=65535
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe					HTTP GET	
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571555455, Ack=1586940513, Win=65470

Die folgende Frage kommt nur, wenn mehr als ein WHS gefunden wird
2.png
2.png (39.26 KiB) 2426 mal betrachtet

Code: Alles auswählen

Discovery.exe					SSDP	
Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=......S., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823431672, Ack=0, Win=65535 (  ) = 65535
Discovery.exe	WHS  	XP	55000	1222	TCP	TCP:Flags=...A..S., SrcPort=55000, DstPort=1222, PayloadLen=0, Seq=3602917664, Ack=823431673, Win=16384 ( Scale factor not supported ) = 16384
Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=...A...., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823431673, Ack=3602917665, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1222	55000	HTTP	HTTP:Request, GET /EnrollId/Id.aspx, Query:q=1279361522
Discovery.exe	WHS  	XP	55000	1222	HTTP	HTTP:Response, HTTP/1.1, Status: Ok, URL: /EnrollId/Id.aspx
Discovery.exe	WHS  	XP	55000	1222	TCP	TCP:[Continuation to #941]Flags=...AP..., SrcPort=55000, DstPort=1222, PayloadLen=205, Seq=3602919125 - 3602919330, Ack=823432014, Win=65194 (scale factor 0x0) = 65194
Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=...A...., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823432014, Ack=3602919330, Win=65535 (scale factor 0x0) = 65535
	XP	224.0.0.22	#WERT!	#WERT!	IGMP	IGMP:IGMPv3 Membership Report
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586940764, Ack=571555716, Win=65209
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe					HTTP GET	
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571555967, Ack=1586941025, Win=64958
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571556032, Ack=1586941090, Win=64893
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586941341, Ack=571556293, Win=64632
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571556544, Ack=1586941602, Win=64381
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586942234, Ack=571556959, Win=65463
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
	XP	224.0.0.22	#WERT!	#WERT!	IGMP	IGMP:IGMPv3 Membership Report
3.png
3.png (42.21 KiB) 2426 mal betrachtet

Code: Alles auswählen

Discovery.exe	XP	WHS  	1222	55000	HTTP	HTTP:Request, GET /EnrollId/Id.aspx, Query:q=1279361581
Discovery.exe	WHS  	XP	55000	1222	HTTP	HTTP:Response, HTTP/1.1, Status: Ok, URL: /EnrollId/Id.aspx
Discovery.exe	WHS  	XP	55000	1222	TCP	TCP:[Continuation to #1428]Flags=...AP..., SrcPort=55000, DstPort=1222, PayloadLen=205, Seq=3602920790 - 3602920995, Ack=823432355, Win=64853 (scale factor 0x0) = 64853
Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=...A...., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823432355, Ack=3602920995, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1222	55000	HTTP	HTTP:Request, GET /EnrollId/Id.aspx, Query:q=1279361581
Discovery.exe	WHS  	XP	55000	1222	HTTP	HTTP:Response, HTTP/1.1, Status: Ok, URL: /EnrollId/Id.aspx
Discovery.exe	WHS  	XP	55000	1222	TCP	TCP:[Continuation to #1432]Flags=...AP..., SrcPort=55000, DstPort=1222, PayloadLen=205, Seq=3602922455 - 3602922660, Ack=823432696, Win=64512 (scale factor 0x0) = 64512
Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=...A...., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823432696, Ack=3602922660, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=......S., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001396498, Ack=0, Win=65535 (  ) = 65535
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:Flags=...A..S., SrcPort=56000, DstPort=1228, PayloadLen=0, Seq=1106554404, Ack=4001396499, Win=16384 ( Scale factor not supported ) = 16384
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=...A...., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001396499, Ack=1106554405, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 HandShake: Client Hello.
Discovery.exe	WHS  	XP	56000	1228	TLS	TLS:TLS Rec Layer-1 HandShake: Server Hello. Certificate. Server Hello Done.
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 HandShake: Client Key Exchange.; TLS Rec Layer-2 Cipher Change Spec; TLS Rec Layer-3 HandShake: Encrypted Handshake Message.
Discovery.exe	WHS  	XP	56000	1228	TLS	TLS:TLS Rec Layer-1 Cipher Change Spec; TLS Rec Layer-2 HandShake: Encrypted Handshake Message.
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:Flags=...A...., SrcPort=56000, DstPort=1228, PayloadLen=0, Seq=1106555131, Ack=4001397225, Win=64809 (scale factor 0x0) = 64809
Discovery.exe	WHS  	XP	56000	1228	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:[Continuation to #1445]Flags=...AP..., SrcPort=56000, DstPort=1228, PayloadLen=985, Seq=1106556591 - 1106557576, Ack=4001397225, Win=64809 (scale factor 0x0) = 64809
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=...A...., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001397225, Ack=1106557576, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	WHS  	XP	56000	1228	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:[Continuation to #1449]Flags=...AP..., SrcPort=56000, DstPort=1228, PayloadLen=932, Seq=1106559036 - 1106559968, Ack=4001397704, Win=64330 (scale factor 0x0) = 64330
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=...A...., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001397704, Ack=1106559968, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	XP	WHS  	1228	56000	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:Flags=...A...., SrcPort=56000, DstPort=1228, PayloadLen=0, Seq=1106559968, Ack=4001398449, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	WHS  	XP	56000	1228	TLS	TLS:TLS Rec Layer-1 SSL Application Data
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:[Continuation to #1455]Flags=...A...., SrcPort=56000, DstPort=1228, PayloadLen=1460, Seq=1106561428 - 1106562888, Ack=4001398449, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=...A...., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001398449, Ack=1106562888, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	WHS  	XP	56000	1228	TCP	TCP:[Continuation to #1455]Flags=...AP..., SrcPort=56000, DstPort=1228, PayloadLen=1410, Seq=1106562888 - 1106564298, Ack=4001398449, Win=65535 (scale factor 0x0) = 65535
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=...A...., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001398449, Ack=1106564298, Win=64125 (scale factor 0x0) = 64125
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586942299, Ack=571557024, Win=65398
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586942550, Ack=571557285, Win=65137
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571557536, Ack=1586942811, Win=64660
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
	WHS  	192.168.1.255	138	138	BROWSER	BROWSER:Domain/Workgroup Announcement, MachineGroup = VIRTUAL, serverName = VIRTUALWHS
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571557601, Ack=1586942876, Win=64595
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586943127, Ack=571557862, Win=64560
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571558113, Ack=1586943388, Win=64083
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
	WHS  	192.168.1.255	138	138	BROWSER	BROWSER:Local Master Announcement, ServerName = VIRTUALWHS
WHSConnector.exe	WHS  	XP	1138	1083	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1083	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571558178, Ack=1586943453, Win=65535
Discovery.exe					HTTP GET	
4.png
4.png (67.31 KiB) 2426 mal betrachtet

Code: Alles auswählen

Discovery.exe	XP	WHS  	1222	55000	HTTP	HTTP:Request, GET /EnrollId/Id.aspx, Query:q=1279361640
Discovery.exe	WHS  	XP	55000	1222	HTTP	HTTP:Response, HTTP/1.1, Status: Ok, URL: /EnrollId/Id.aspx
Discovery.exe	WHS  	XP	55000	1222	TCP	TCP:[Continuation to #1659]Flags=...AP..., SrcPort=55000, DstPort=1222, PayloadLen=205, Seq=3602924120 - 3602924325, Ack=823433037, Win=64171 (scale factor 0x0) = 64171
Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=...A...., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823433037, Ack=3602924325, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...F, SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586943453, Ack=571558178, Win=64244
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571558178, Ack=1586943454, Win=65535
WHSConnector.exe	WHS  	XP	1138	1083	TCP	TCP:Flags=...A...F, SrcPort=1138, DstPort=1083, PayloadLen=0, Seq=571558178, Ack=1586943454, Win=65535
WHSConnector.exe	XP	WHS  	1083	1138	TCP	TCP:Flags=...A...., SrcPort=1083, DstPort=1138, PayloadLen=0, Seq=1586943454, Ack=571558179, Win=64244
Discovery.exe					SSDP	
	XP	224.0.0.22	#WERT!	#WERT!	IGMP	IGMP:IGMPv3 Membership Report
Discovery.exe	XP	WHS  	1228	56000	TCP	TCP:Flags=...A.R.., SrcPort=1228, DstPort=56000, PayloadLen=0, Seq=4001398449, Ack=1106564298, Win=0 (scale factor 0x0) = 0
WHSConnector.exe	XP	239.255.255.250	1236	1900	SSDP	SSDP:Request, M-SEARCH * 
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=......S., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490560088, Ack=0, Win=65535 (  ) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A..S., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567405337, Ack=3490560089, Win=16384 ( Scale factor not supported ) = 16384
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490560089, Ack=2567405338, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 HandShake: Client Hello.
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 HandShake: Server Hello. Certificate. Certificate Request.
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1685]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567406798 - 2567408258, Ack=3490560153, Win=65471 (scale factor 0x0) = 65471
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490560153, Ack=2567408258, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1685]Flags=...AP..., SrcPort=1138, DstPort=1237, PayloadLen=903, Seq=2567408258 - 2567409161, Ack=3490560153, Win=65471 (scale factor 0x0) = 65471
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490560153, Ack=2567409161, Win=64632 (scale factor 0x0) = 64632
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 HandShake: Certificate. Client Key Exchange. Certificate Verify.; TLS Rec Layer-2 Cipher Change Spec; TLS Rec Layer-3 HandShake: Encrypted Handshake Message.
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 Cipher Change Spec; TLS Rec Layer-2 HandShake: Encrypted Handshake Message.
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=......S., SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057558569, Ack=0, Win=65535 (  ) = 65535
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:Flags=...A..S., SrcPort=8912, DstPort=1238, PayloadLen=0, Seq=424488501, Ack=4057558570, Win=16384 ( Scale factor not supported ) = 16384
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...A...., SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057558570, Ack=424488502, Win=65535 (scale factor 0x0) = 65535
System	WHS  	XP	137	137	NbtNs	NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1701]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567410944 - 2567412404, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567412404, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1701]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567412404 - 2567413864, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567413864, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1701]Flags=...AP..., SrcPort=1138, DstPort=1237, PayloadLen=1269, Seq=2567413864 - 2567415133, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567416593, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567416593 - 2567418053, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567418053 - 2567419513, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567419513, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567419513 - 2567420973, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567420973 - 2567422433, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567422433, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567422433 - 2567423893, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567423893, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567423893 - 2567425353, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567425353 - 2567426813, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567426813, Win=62615 (scale factor 0x0) = 62615
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567426813 - 2567428273, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567428273 - 2567429733, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567429733, Win=59695 (scale factor 0x0) = 59695
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567429733 - 2567431193, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1707]Flags=...AP..., SrcPort=1138, DstPort=1237, PayloadLen=345, Seq=2567431193 - 2567431538, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567431538, Win=57890 (scale factor 0x0) = 57890
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1726]Flags=...AP..., SrcPort=1138, DstPort=1237, PayloadLen=183, Seq=2567432998 - 2567433181, Ack=3490562721, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567433181, Win=56247 (scale factor 0x0) = 56247
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:[Dup Ack #1728]Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490562721, Ack=2567433181, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567433181, Ack=3490564122, Win=64134 (scale factor 0x0) = 64134
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1900	1236	SSDP	SSDP:Response, HTTP/1.1, Status: Ok, URL: 
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490564373, Ack=2567433442, Win=65274 (scale factor 0x0) = 65274
5.png
5.png (34.83 KiB) 2426 mal betrachtet

Code: Alles auswählen

WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567433693, Ack=3490564634, Win=65274 (scale factor 0x0) = 65274
Discovery.exe					HTTP GET	
System	WHS  	XP	137	137	NbtNs	NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service
System	WHS  	XP	137	137	NbtNs	NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:Flags=...AP..., SrcPort=8912, DstPort=1238, PayloadLen=19, Seq=424488502 - 424488521, Ack=4057558570, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...AP..., SrcPort=1238, DstPort=8912, PayloadLen=5, Seq=4057558570 - 4057558575, Ack=424488521, Win=65516 (scale factor 0x0) = 65516
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:Flags=...AP..., SrcPort=8912, DstPort=1238, PayloadLen=1, Seq=424488521 - 424488522, Ack=4057558575, Win=65530 (scale factor 0x0) = 65530
WHSConnector.exe	XP	WHS  	1238	8912	TLS	TLS:TLS Rec Layer-1 HandShake: Client Hello.
WHSConnector.exe	WHS  	XP	8912	1238	TLS	TLS:TLS Rec Layer-1 HandShake: Server Hello. Certificate. Certificate Request.
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:[Continuation to #1757]Flags=...A...., SrcPort=8912, DstPort=1238, PayloadLen=1460, Seq=424489982 - 424491442, Ack=4057558671, Win=65434 (scale factor 0x0) = 65434
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...A...., SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057558671, Ack=424491442, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:[Continuation to #1757]Flags=...AP..., SrcPort=8912, DstPort=1238, PayloadLen=903, Seq=424491442 - 424492345, Ack=4057558671, Win=65434 (scale factor 0x0) = 65434
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...A...., SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057558671, Ack=424492345, Win=64632 (scale factor 0x0) = 64632
WHSConnector.exe	XP	WHS  	1238	8912	TLS	TLS:TLS Rec Layer-1 HandShake: Certificate. Client Key Exchange. Certificate Verify.; TLS Rec Layer-2 Cipher Change Spec; TLS Rec Layer-3 HandShake: Encrypted Handshake Message.
WHSConnector.exe	WHS  	XP	8912	1238	TLS	TLS:TLS Rec Layer-1 Cipher Change Spec; TLS Rec Layer-2 HandShake: Encrypted Handshake Message.
WHSConnector.exe	XP	WHS  	1239	2869	TCP	TCP:Flags=......S., SrcPort=1239, DstPort=2869, PayloadLen=0, Seq=4160271036, Ack=0, Win=65535 (  ) = 65535
WHSConnector.exe	WHS  	XP	2869	1239	TCP	TCP:Flags=...A..S., SrcPort=2869, DstPort=1239, PayloadLen=0, Seq=3325893727, Ack=4160271037, Win=16384 ( Scale factor not supported ) = 16384
WHSConnector.exe	XP	WHS  	1239	2869	TCP	TCP:Flags=...A...., SrcPort=1239, DstPort=2869, PayloadLen=0, Seq=4160271037, Ack=3325893728, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	XP	WHS  	1239	2869	HTTP	HTTP:Request, GET /upnphost/udhisapi.dll, Query:content=uuid:948b613f-a5a0-4da3-bc37-f46b95685895
WHSConnector.exe	WHS  	XP	2869	1239	HTTP	HTTP:Response, HTTP/1.1, Status: Ok, URL: /upnphost/udhisapi.dll
WHSConnector.exe	WHS  	XP	2869	1239	HTTP	HTTP:HTTP Payload, URL: /upnphost/udhisapi.dll
WHSConnector.exe	XP	WHS  	1239	2869	TCP	TCP:Flags=...A...., SrcPort=1239, DstPort=2869, PayloadLen=0, Seq=4160271197, Ack=3325895376, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	2869	1239	TCP	TCP:[Continuation to #1769]Flags=...AP..., SrcPort=2869, DstPort=1239, PayloadLen=31, Seq=3325895376 - 3325895407, Ack=4160271197, Win=65375 (scale factor 0x0) = 65375
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...A...., SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057559590, Ack=424492388, Win=64589 (scale factor 0x0) = 64589
WHSConnector.exe	WHS  	XP	8912	1238	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1238	8912	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	8912	1238	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1238	8912	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	8912	1238	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...A...F, SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057559859, Ack=424492470, Win=64507 (scale factor 0x0) = 64507
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:Flags=...A...., SrcPort=8912, DstPort=1238, PayloadLen=0, Seq=424492470, Ack=4057559860, Win=64246 (scale factor 0x0) = 64246
WHSConnector.exe	WHS  	XP	8912	1238	TCP	TCP:Flags=...A...F, SrcPort=8912, DstPort=1238, PayloadLen=0, Seq=424492470, Ack=4057559860, Win=64246 (scale factor 0x0) = 64246
WHSConnector.exe	XP	WHS  	1238	8912	TCP	TCP:Flags=...A...., SrcPort=1238, DstPort=8912, PayloadLen=0, Seq=4057559860, Ack=424492471, Win=64507 (scale factor 0x0) = 64507
WHSConnector.exe	XP	WHS  	1239	2869	TCP	TCP:Flags=...A...., SrcPort=1239, DstPort=2869, PayloadLen=0, Seq=4160271197, Ack=3325895407, Win=65504 (scale factor 0x0) = 65504
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1794]Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=1460, Seq=2567435153 - 2567436613, Ack=3490564634, Win=65274 (scale factor 0x0) = 65274
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490564634, Ack=2567436613, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:[Continuation to #1794]Flags=...AP..., SrcPort=1138, DstPort=1237, PayloadLen=1329, Seq=2567436613 - 2567437942, Ack=3490564634, Win=65274 (scale factor 0x0) = 65274
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490564634, Ack=2567437942, Win=64206 (scale factor 0x0) = 64206
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567437942, Ack=3490565115, Win=64793 (scale factor 0x0) = 64793
6.png
6.png (35.64 KiB) 2426 mal betrachtet
bis zum Drücken von weiter

Code: Alles auswählen

Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567438007, Ack=3490565180, Win=64728 (scale factor 0x0) = 64728
Discovery.exe					SSDP	
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490565431, Ack=2567438268, Win=65535 (scale factor 0x0) = 65535
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567438519, Ack=3490565692, Win=64216 (scale factor 0x0) = 64216
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567438584, Ack=3490565757, Win=64151 (scale factor 0x0) = 64151
Discovery.exe					HTTP GET	
und nach dem Weiter

Code: Alles auswählen

Discovery.exe	XP	WHS  	1222	55000	TCP	TCP:Flags=...A.R.., SrcPort=1222, DstPort=55000, PayloadLen=0, Seq=823433037, Ack=3602924325, Win=0 (scale factor 0x0) = 0
Discovery.exe					SSDP	
	XP	224.0.0.22	#WERT!	#WERT!	IGMP	IGMP:IGMPv3 Membership Report
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490566008, Ack=2567438845, Win=64958 (scale factor 0x0) = 64958
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567439096, Ack=3490566269, Win=65274 (scale factor 0x0) = 65274
Discovery.exe					HTTP GET	
WHSConnector.exe	XP	WHS  	1239	2869	TCP	TCP:Flags=...A.R.., SrcPort=1239, DstPort=2869, PayloadLen=0, Seq=4160271197, Ack=3325895407, Win=0 (scale factor 0x0) = 0
Discovery.exe					SSDP	
Discovery.exe					HTTP GET	
Discovery.exe					SSDP	
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567439161, Ack=3490566334, Win=65209 (scale factor 0x0) = 65209
Discovery.exe					HTTP GET	
7.png
7.png (78.91 KiB) 2426 mal betrachtet

Code: Alles auswählen

Discovery.exe	XP	WHS  	1213	2869	TCP	TCP:Flags=...A.R.., SrcPort=1213, DstPort=2869, PayloadLen=0, Seq=1995854518, Ack=1852066307, Win=0 (scale factor 0x0) = 0
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TCP	TCP:Flags=...A...., SrcPort=1237, DstPort=1138, PayloadLen=0, Seq=3490566585, Ack=2567439422, Win=64381 (scale factor 0x0) = 64381
WHSConnector.exe	WHS  	XP	1138	1237	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	XP	WHS  	1237	1138	TLS	TLS:TLS Rec Layer-1 SSL Application Data
WHSConnector.exe	WHS  	XP	1138	1237	TCP	TCP:Flags=...A...., SrcPort=1138, DstPort=1237, PayloadLen=0, Seq=2567439673, Ack=3490566846, Win=64697 (scale factor 0x0) = 64697
Ich weiß, das ist sehr unübersichtlich ... aber als Extract sieht man, dass viele Ports verwendet werden .. und wenn einer davon in der Firewall hängen bleibt ...

Code: Alles auswählen

137
138
1083
1138
1212
1213
1215
1216
1217
1218
1219
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1241
1242
1243
1244
1245
1246
1247
1248
1900
2869
8912
55000
56000
wenn man die am Anfang beschriebenen wechselnden POrts der SSDP-Discovery entfernt dann bleiben noch

Code: Alles auswählen

137
138
1083
1138
1213
1222
1228
1236
1237
1238
1239
1900
2869
8912
55000
56000
Bitte Anmerkungen/Ergänzungen per PN an mich
WHS:inzwischen abgeschaltet Acer H340 mit 1x 1 TB (WD10EAVS), 3x 2 TB (2 WD20EARS und 1 ST2000DM001), PP3+UR2
Server:
Intel Celeron J3455 auf Gigabyte Board, Win 10 Pro x64 21H2, 640 GB (System), 16 TB (Backup), 4 TB (Daten), Lindenberg Backup und LightsOut 3
5 Clients:
1 Intel i5-4670K, ASUS H87-PRO, 32 GB, 250 GB SSD, 2x 500 GB, Win 10 Pro x64 21H2
1 Lüfterlos fürs Wohnzimmer, Intel Celeron N4100, 4 GB, 128 GB, Win 11 Pro x64 21H2
1 AMD Ryzen 7 3700X, Gigabyte AORUS, 32 GB, Win 10 Pro x64 2009
1 Sony Vaio EB 2H4E, Win 10 Home x64 2009
1 Samsung NP-R540-JS09DE, Win 10 Pro x64 2009


WHSListTombstones, ein Tool zur Auflistung aller Tombstones
WHSDisks, ein Tool zur Darstellung und Prüfung der DriveExtender-Konfiguration
WHSDiskNames, ein Tool zur Änderung der Plattennamen in der Konsole
WHSBackup, Infos und Tool zur Backup-DB (2011-Version (auch für WSE2012))
Bitte schreibt bei Fragen und Problemen eure Konfig in die Signatur
Antworten