嗅探我的 SOHO 网络后,我注意到与 UPNP 服务相关的多播地址的负担最重。
网络上有 1 个外部驱动器。我认为网络驱动器将使用 SMB2 而不是 SSDP 是否正确?
UPNP 经常使用 SSDP 和不同的数据包长度进行多播是否正常?
之前在这里问过这个问题: https ://networkengineering.stackexchange.com/questions/71813/testing-multicast-problem
但我被指出来了。
我使用这个工具:https ://www.winsocketdotnetworkprogramming.com/winsock2programming/winsock2advancedmulticast9a.html
关闭 Windows 防火墙并关闭 ESET 安全防火墙。
使用:
C:\2>ipconfig
Windows IP Configuration
Ethernet adapter Połączenie lokalne:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Ethernet 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\2>mcastws1.exe -b 192.168.1.103 -s
socket handle = 0x000000BC
Binding to 192.168.1.103
Joined group: [224.0.0.255]:25000
Set sending interface to: 0.0.0.0
Set multicast ttl to: 8
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
Sent 1024 bytes to [224.0.0.255]:25000
^C
C:\2>
我得到这样的结果:
z:\2>ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
z:\2>mcastws1.exe -b 192.168.1.102
socket handle = 0x00000100
Binding to [192.168.1.102]:25000
Joined group: [224.0.0.255]:25000
Set sending interface to: 0.0.0.0
Set multicast ttl to: 8
^C
z:\2>
问题:为什么我没有得到类似的结果: https ://www.winsocketdotnetworkprogramming.com/winsock2programming/winsock2advancedmulticast9_files/winsock2multicast009.png
我想找到我加入的多播组的 IP。但是,从 netstat -ng 获得的所有 IP 都是这些:
root@me:~# netstat -ng
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 224.0.0.1
enp2s0 1 224.0.0.1
wlp1s0 1 224.0.0.251
wlp1s0 1 224.0.0.1
lo 1 ff02::1
lo 1 ff01::1
enp2s0 1 ff02::1
enp2s0 1 ff01::1
wlp1s0 1 ff02::1:ff00:1002
wlp1s0 1 ff02::1:ffec:fbef
wlp1s0 1 ff02::1:ff46:409f
wlp1s0 1 ff02::1:ff2f:ca73
wlp1s0 1 ff02::1
所有这些 IP 都是通用的(所有节点和类似节点),我想知道我到底在哪个网络中。我在 nmap 中找到了一些东西:
root@me:~# nmap --script broadcast-igmp-discovery lo
Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-25 22:12 -03
Pre-scan script results:
| broadcast-igmp-discovery:
| 192.168.0.80
| Interface: wlp1s0
| Version: 2
| Group: 224.0.0.251
| Description: mDNS (rfc6762)
| 192.168.0.80
| Interface: wlp1s0
| Version: 2
| Group: 224.0.0.252
| Description: Link-local Multicast Name Resolution (rfc4795)
| 192.168.0.80
| Interface: wlp1s0
| Version: 2
| Group: 239.255.255.250
| Description: Organization-Local Scope (rfc2365)
|_ Use the newtargets script-arg to add the results as targets
Failed to resolve "lo".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 8.13 seconds
你们有什么感想?
我希望tcpdump通过数据包长度缩小我的范围。我知道我可以`| grep 但我想知道我是否可以将这个特定的数据包长度作为“tcpdump”中的一个选项传递。我正在尝试编写一个脚本,使用以下命令向我展示网络上所有存在的 MPEG-TS 多播:
sudo tcpdump -c 1000 -ti <network_interface> multicast | grep 1316 | sort | uniq
所以这个命令有效并准确地给出了我想要的输出,但我想我可以通过在tcpdump命令中传递长度来简化它,比如:
sudo tcpdump -c 1000 -ti <network_interface> multicast and length 1316 | sort | uniq