刘荣星的博客

Notes on a few LAN broadcast packets
JavasBoy · 2021-01-27 · via 刘荣星的博客

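I was recently debugging iptables in a VM and noticed that the network interface was dropping a lot of packets. After enabling iptables logging, I found that the following log entries were very frequent.

# Enable iptables logging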
iptables -A INPUT -i ens38 -j LOG --log-prefix "iptables_INPUT_ens38_DROP: " --log-level notice
iptables -A INPUT -i ens38 -j DROP

iptables -A OUTPUT -o ens38 -j LOG --log-prefix "iptables_OUTPUT_ens38_DROP: " --log-level notice
iptables -A OUTPUT -o ens38 -j DROP

Log file

Jan 26 21:06:43 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=291 TOS=0x00 PREC=0x00 TTL=128 ID=19920 PROTO=UDP SPT=54915 DPT=54915 LEN=271 

Jan 27 09:50:13 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=59712 PROTO=UDP SPT=17500 DPT=17500 LEN=153 

The first one, on UDP port 54915, is a broadcast packet from Logitech's mouse software. The detailed write-up is here:

http://support.moonpoint.com/network/udp/port_54915/

Why may you see UDP packets with a source port of 54915 and a destination port of 54915 being sent to the broadcast address for a subnet? When I searched for information on these packets, I found they are associated with Logitech's Arx control software. Logitech states in regards to that software:

Win the information war and stay ahead of the competition with critical in-game information on your tablet or smartphone. Arx control serves as a second screen for supported titles.

Arx Control lets you monitor and control your Logitech G peripherals without ever leaving the game. Fine-tune your mouse DPI in real time, or call up a list of your G-Key macros for quick reference right on your smartphone or tablet device.

Troubleshoot and monitor your system hardware with GPU/CPU temperatures and usage levels. Control your media or launch games remotely with built-in controls.

Arx Control is available on Android and iOS on tablets and smartphones, and works on any system with Logitech Gaming Software installed. Stand your smartphone upright in the adjustable Arx Smart Dock, on select Logitech keyboards, for convenient viewing.

You can find the software on Apple's App Store at Logitech Arx Control. The page states "This app is only available on the App Store for iOS devices." Apple employs the iOS operating system on its iPhone, iPad, and iPod Touch devices. The software apparently looks for other devices with the Arx Control software installed by sending out the broadcast packets to UDP port 54,915 and then waits for those devices to respond.

The second one, on UDP port 17500, is the broadcast packet sent by Dropbox's LAN sync feature.

After closing the programs or disabling LAN sync, both broadcast packets disappear.
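To triage this kind of noise in bulk, the following added example (not code from the original post) parses iptables LOG lines with the post's prefix, splits the MAC field into destination MAC, source MAC and EtherType, and counts broadcast frames per sender and destination port. The function names, the port label table and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: the two log lines from the post, plus one constructed
# unicast TCP line (last line) to show that non-broadcast drops are skipped.
SAMPLE_LOG = """\
Jan 26 21:06:43 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=291 TOS=0x00 PREC=0x00 TTL=128 ID=19920 PROTO=UDP SPT=54915 DPT=54915 LEN=271
Jan 27 09:50:13 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=59712 PROTO=UDP SPT=17500 DPT=17500 LEN=153
Jan 27 09:51:02 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.128 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=100 PROTO=TCP SPT=50000 DPT=22
"""

# Labels taken from the attributions in the post; extend as needed.
KNOWN_PORTS = {54915: "Logitech Arx Control discovery", 17500: "Dropbox LAN sync"}

def parse_line(line, prefix="iptables_INPUT_ens38_DROP: "):
    """Return the KEY=VALUE fields of one LOG line, or None if the prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields = {}
    for token in rest.split():
        key, eq, value = token.partition("=")
        # LEN appears twice: keep the first (IP total length), not the UDP length.
        if eq and key not in fields:
            fields[key] = value
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:  # Ethernet header: dst MAC (6) + src MAC (6) + EtherType (2)
        fields["DST_MAC"] = ":".join(mac[:6])
        fields["SRC_MAC"] = ":".join(mac[6:12])
        fields["ETHERTYPE"] = "".join(mac[12:])
    return fields

def summarize(log_text):
    """Count Ethernet-broadcast drops per (source MAC, source IP, protocol, port, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("DST_MAC") != "ff:ff:ff:ff:ff:ff" or "DPT" not in f:
            continue
        port = int(f["DPT"])
        label = KNOWN_PORTS.get(port, "unknown")
        counts[(f["SRC_MAC"], f["SRC"], f["PROTO"], port, label)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

The source MAC in both of the post's lines starts with 00:50:56, a VMware-assigned OUI, so the sender is a VMware virtual adapter rather than a physical device on the LAN.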