Re: IE6 Trying to Connect to UDP Ports
From: Don Kelloway (dkelloway@commodon.com)
Date: 03/19/03
- Next message: Don Kelloway: "Re: Layer 7 firewall Vs Stateful packet inspection firewall"
- Previous message: Jacco Tunnissen: "Re: Fw1, NAT or router problem ?"
- In reply to: Ken: "Re: IE6 Trying to Connect to UDP Ports"
- Next in thread: Ken: "Re: IE6 Trying to Connect to UDP Ports"
- Reply: Ken: "Re: IE6 Trying to Connect to UDP Ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Don Kelloway" <dkelloway@commodon.com> Date: Wed, 19 Mar 2003 15:49:57 GMT
Ken,
Thanks for the reply.
re: TCP, UDP, HTTP and sniffers, oh my!
Please don't take this the wrong way. I'm familiar with Transport Layer
protocols (TCP, UDP), Application Layer protocols (HTTP) and sniffers
(SnifferPro, EtherReal, NetSpy). This is attributed to a strong background
in web filtering/blocking technology.
re: 'In all the HTTP packet captures...'
My bad. I should have said "With all the packet captures..." <grin>. When
I was referring to the packet captures conducted, they were being performed
locally so as to not lose anything.
re: your capture
It certainly appears that in the capture you conducted, the IE process is
responsible for a UDP 2471 packet sent to the loopback. However I do not
think this is the norm. Are you (or the original poster) using any sort of
local web-caching software?
I too just launched IE6 and ran NetSpy to capture all local traffic. While
surfing various external websites, all of the captured traffic was reflected
as either DNS (UDP) or HTTP (TCP) activity. There wasn't a single UDP
packet sent from and to the local system. Everything was accounted for. Is
it possible that the personal firewall you're using is responsible?
-- Best regards, Don Kelloway Commodon Communications http://www.commodon.com "Ken" <ng2087@ke9nr.#nospam#.net> wrote in message news:1ksf7vg04bbn9fmjo14kqphqm5dve851fi@4ax.com... > Hi Don - > > On Tue, 18 Mar 2003 18:33:23 GMT, "Don Kelloway" > <dkelloway@commodon.com> wrote: > > >In all the HTTP packet captures I've performed, I've never seen Internet > >Explorer use UDP to access its own cache. In fact I've never seen Internet > >Explorer use UDP at all. If you can provide further insight and/or > >documentation, I would be most interested and grateful... > > The UDP is not HTTP. Also HTTP is TCP and UDP is obviously not TCP, > it's UDP. And since it's only on the local system, if you are > capturing packets on a router or external firewall you won't see the > packets at all. > > I rarely use IE, but with Kerio Personal Firewall set to log > everything to 127.0.0.1, when I did use IE one time, I had a HUGE log. > I created a special rule to allow IE UDP access to 127.0.0.1 without > logging. > > I disabled the special rule and ran IE. Here's one of many log > entries: > > 2,[18/Mar/2003 20:46:14] Rule 'Loopback': Permitted: Out UDP, > localhost:2471->(null) [127.0.0.1:2471], Owner: C:\PROGRAM > FILES\PLUS!\MICROSOFT INTERNET\IEXPLORE.EXE > > Ken > http://www.ke9nr.net/
- Next message: Don Kelloway: "Re: Layer 7 firewall Vs Stateful packet inspection firewall"
- Previous message: Jacco Tunnissen: "Re: Fw1, NAT or router problem ?"
- In reply to: Ken: "Re: IE6 Trying to Connect to UDP Ports"
- Next in thread: Ken: "Re: IE6 Trying to Connect to UDP Ports"
- Reply: Ken: "Re: IE6 Trying to Connect to UDP Ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
