On 21/05/13 18:09, steve-ALUG@hst.me.uk wrote:
On 21/05/13 17:06, mick wrote:
On Tue, 21 May 2013 14:59:27 +0100 steve-ALUG@hst.me.uk allegedly wrote:
Wireshark comes to mind. Am I right?
Certainly. Or if running on a server, try tcpdump and then run the output file through Wireshark.
I used tcpdump and ran it through Wireshark. I switched on the drive both with the firewall and without.
I discovered that the drive connects from port 20001 (microsan) to 42469 and back again (udp) (though I don't know how, as there's nothing listening AFAIK).
The problem though turned out to be SSDP - Simple Service Discovery Protocol - the basis for UPnP. "Services are announced by the hosting system with multicast addressing to a specifically designated IP multicast address at UDP port number 1900. In IPv4, the multicast address is 239.255.255.250" (Wikipedia).
Which made me remember my firewall rule "192.168.55.66 ALLOW 192.168.55.0/24" had previously been "ANYWHERE ALLOW 192.168.55.0/24".
I had updated it to "try to make it more secure". I had reasoned that there was only 127.0.0.1 and 192.168.55.66 being used on my server, so limiting the ip address to just the one address would be fine. It obviously isn't!
Thanks for the pointers.

Steve
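
Added example, not part of the original post: a small Python model of the two rules quoted above, showing why the destination-limited rule drops the drive's SSDP announcements to 239.255.255.250 while still passing unicast traffic to the server. The drive address 192.168.55.20, the default-deny policy and the third ruleset (the tightened rule plus an explicit allow for the SSDP group) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

SSDP_GROUP = "239.255.255.250"  # IPv4 SSDP multicast address (UDP port 1900)
SERVER = "192.168.55.66"        # server address from the post
LAN = "192.168.55.0/24"         # LAN range from the post
DRIVE = "192.168.55.20"         # hypothetical address for the network drive

@dataclass(frozen=True)
class Rule:
    """One ALLOW rule in the post's 'TO ALLOW FROM' form."""
    to: str      # destination address/network, or "anywhere"
    source: str  # source address/network, or "anywhere"

    def matches(self, src, dst):
        return _within(dst, self.to) and _within(src, self.source)

def _within(addr, spec):
    if spec.lower() == "anywhere":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def verdict(rules, src, dst):
    """ALLOW if any rule matches; otherwise the assumed default-deny applies."""
    return "ALLOW" if any(r.matches(src, dst) for r in rules) else "DENY"

def explain(rules, src, dst):
    kind = "multicast" if ipaddress.ip_address(dst).is_multicast else "unicast/broadcast"
    return f"{src} -> {dst} ({kind}): {verdict(rules, src, dst)}"

ORIGINAL = [Rule(to="anywhere", source=LAN)]
TIGHTENED = [Rule(to=SERVER, source=LAN)]
# Assumption, not from the post: keep the tight rule and add only the SSDP group.
TIGHTENED_PLUS_SSDP = TIGHTENED + [Rule(to=SSDP_GROUP, source=LAN)]

# Constructed sample traffic, not taken from the capture in the post.
PACKETS = [
    (DRIVE, SERVER),            # unicast to the server
    (DRIVE, SSDP_GROUP),        # SSDP announcement to the multicast group
    (DRIVE, "192.168.55.255"),  # subnet broadcast
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("tightened", TIGHTENED),
                        ("tightened + SSDP", TIGHTENED_PLUS_SSDP)):
        print(name)
        for src, dst in PACKETS:
            print("  " + explain(rules, src, dst))
```

The multicast destination is never the server's own address, so a rule that names only 192.168.55.66 as the destination cannot match it even though the server is the one receiving the packet.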