UDP and my computer?
I recently turned on Windows Firewall logging on my computer and started tracking incoming and outgoing connections. Something curious about the logfiles is that I have noticed numerous UDP packets (in fact, it constitutes basically all of my incoming traffic) that don't have my host as destination or source showing up in the logs.
I thought this might be an implementation detail for UDP (the packets are hopping over my computer in the subnet) but Wikipedia'ing UDP didn't enlighten me any more, and I don't see why my computer should be forwarding these packets in the first place.
Any ideas?
Edit 1: Here is what a log file line with the mysterious UDP packet looks like:
2008-10-11 16:04:31 ALLOW UDP 18.243.7.218 239.255.255.250 49152 3702 0 - - - - - - - RECEIVE
Is 239.255.255.250 a broadcast address? Now that you mention it, the UDP packets I'm seeing have very specific destinations, basically 224.0.0.252, 239.255.255.250, 18.243.255.255. I also get phantom ICMP pings addressed to 224.0.0.1.
Comments (3)
The packets addressed to IPs starting with 239 and 224 are multicast packets. This is a way to address traffic to a group of computers without broadcasting it to an entire network. It is used by various legitimate protocols.
224.0.0.252 is the address used by the Link Local Name Resolution protocol.
239.255.255.250 is the address used by the Simple Service Discovery Protocol.
224.0.0.1 is the all hosts address, used by your router to see who on your network is willing to participate in multicast conversations.
The ones addressed to 18.243.255.255 look like broadcasts; again, this is used by many legitimate protocols such as Bonjour.
As recommended by Luka, a good protocol analyzer like Wireshark will tell you precisely what each of these packets is and what it contains.
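The triage described in this answer can be run directly over the firewall log. The following is an added example, not part of the original answers: it assumes the host is 18.243.7.10 on 18.243.0.0/16 (both constructed), and the port labels come from the protocols' registered ports rather than from this page.

```python
import ipaddress

# Assumption: the host sits in 18.243.0.0/16, inferred from the 18.243.255.255
# destination in the question; substitute your interface's real prefix.
LOCAL_NET = ipaddress.ip_network("18.243.0.0/16")
LOCAL_HOST = ipaddress.ip_address("18.243.7.10")  # constructed host address

# Well-known (group, UDP port) pairs; a port of None matches any port.
KNOWN_GROUPS = {
    ("224.0.0.1", None): "all-hosts group",
    ("224.0.0.251", 5353): "mDNS (Bonjour)",
    ("224.0.0.252", 5355): "LLMNR",
    ("239.255.255.250", 1900): "SSDP",
    ("239.255.255.250", 3702): "WS-Discovery",
}

def parse_line(line):
    """Split one pfirewall.log record into the fields used here."""
    f = line.split()
    if line.startswith("#") or len(f) < 8:
        return None  # header line or truncated record
    port = int(f[7]) if f[7].isdigit() else None  # ICMP logs '-' for ports
    return {"action": f[2], "proto": f[3], "src": f[4], "dst": f[5], "dport": port}

def classify(rec):
    """Explain why this host logged a packet that is not addressed to it."""
    dst = ipaddress.ip_address(rec["dst"])
    if dst == LOCAL_HOST:
        return "unicast to this host"
    if dst.is_multicast:  # 224.0.0.0/4
        name = KNOWN_GROUPS.get((rec["dst"], rec["dport"])) or KNOWN_GROUPS.get((rec["dst"], None))
        return "multicast: " + (name or "unrecognised group")
    if dst == LOCAL_NET.broadcast_address or rec["dst"] == "255.255.255.255":
        return "broadcast"
    return "unicast to another host (investigate)"

# The first record is the line from the question; the others are constructed.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-10-11 16:04:31 ALLOW UDP 18.243.7.218 239.255.255.250 49152 3702 0 - - - - - - - RECEIVE
2008-10-11 16:04:33 ALLOW UDP 18.243.7.218 224.0.0.252 51000 5355 0 - - - - - - - RECEIVE
2008-10-11 16:04:35 ALLOW UDP 18.243.3.9 18.243.255.255 137 137 0 - - - - - - - RECEIVE
2008-10-11 16:04:40 ALLOW ICMP 18.243.0.1 224.0.0.1 - - 0 - - - - 8 0 - RECEIVE
"""

def summarize(log_text):
    """Return (destination, classification) for every record in the log."""
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return [(r["dst"], classify(r)) for r in recs]
```

Anything that falls through to the last branch is the case worth a packet capture: a unicast packet for another host should not normally reach this machine on a switched network.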
It depends on the type of connection you are on.
On most cable modem ISPs you are basically on the same LAN as your neighbours, and can usually see some of their traffic (like broadcast).
I'd recommend you install a packet sniffer and see what is really going on.
A good multiplatform packet sniffer is Wireshark.
Hard to say without analyzing the log data, but they could be broadcast packets on the segment, in which case your system would listen to them. This is possible in IPv4 and IPv6.
Your system should not be forwarding them unless it's set up to route, but it can certainly be listening to packets all the time (various network protocols use UDP).