From: Scott Morris (swm@emanon.com)
Date: Sat Mar 19 2005 - 20:37:42 GMT-3
Interesting stuff. However, that's not what Cisco does then! :)
Just to prove that I'm not going insane:
IP packet debugging is on (detailed)
Emanon-R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Emanon-R1(config)#
Mar 20 18:30:07.537: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 44,
rcvd 4
Mar 20 18:30:07.537: TCP src=11007, dst=2065, seq=1547805728, ack=0,
win=4128 SYN
Mar 20 18:30:07.541: IP: s=24.24.24.24 (local), d=15.15.15.15 (Serial0/0.1),
len 44, sending
Mar 20 18:30:07.541: TCP src=2065, dst=11007, seq=2929398231,
ack=1547805729, win=4128 ACK SYN
Mar 20 18:30:07.561: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 40,
rcvd 4
Mar 20 18:30:07.561: TCP src=11007, dst=2065, seq=1547805729,
ack=2929398232, win=20480 ACK
Mar 20 18:30:07.565: IP: s=24.24.24.24 (local), d=15.15.15.15 (Serial0/0.1),
len 40, sending
Mar 20 18:30:07.565: TCP src=2065, dst=11007, seq=2929398232, ack=0,
win=20480 RST
Emanon-R1(config)#dlsw remote-peer 0 tcp 15.15.15.15
Emanon-R1(config)#
Mar 20 18:30:23.537: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 44,
rcvd 4
Mar 20 18:30:23.537: TCP src=11008, dst=2065, seq=2048433379, ack=0,
win=4128 SYN
Mar 20 18:30:23.541: IP: s=24.24.24.24 (local), d=15.15.15.15 (Serial0/0.1),
len 44, sending
Mar 20 18:30:23.541: TCP src=2065, dst=11008, seq=3918973955,
ack=2048433380, win=4128 ACK SYN
Mar 20 18:30:23.561: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 40,
rcvd 4
Mar 20 18:30:23.561: TCP src=11008, dst=2065, seq=2048433380,
ack=3918973956, win=20480 ACK
Mar 20 18:30:23.585: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 44,
rcvd 4
Mar 20 18:30:23.585: TCP src=2065, dst=18552, seq=685337829,
ack=292058472, win=4128 ACK SYN
Mar 20 18:30:23.661: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len
472, rcvd 4
Mar 20 18:30:23.661: TCP src=11008, dst=2065, seq=2048433380,
ack=3918973956, win=20480 ACK PSH
Mar 20 18:30:23.665: IP: s=24.24.24.24 (local), d=15.15.15.15 (Serial0/0.1),
len 40, sending
Mar 20 18:30:23.665: TCP src=2065, dst=11008, seq=3918973956,
ack=2048433812, win=20048 ACK
Mar 20 18:30:23.669: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 40,
rcvd 4
Mar 20 18:30:23.669: TCP src=2065, dst=18552, seq=685337830,
ack=292058932, win=20020 ACK
Mar 20 18:30:23.693: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len
116, rcvd 4
Mar 20 18:30:23.693: TCP src=11008, dst=2065, seq=2048433812,
ack=3918973956, win=20480 ACK PSH
Mar 20 18:30:23.697: IP: s=24.24.24.24 (local), d=15.15.15.15 (Serial0/0.1),
len 40, sending
Mar 20 18:30:23.697: TCP src=2065, dst=11008, seq=3918973956,
ack=2048433888, win=19972 ACK
Mar 20 18:30:23.701: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 40,
rcvd 4
Mar 20 18:30:23.701: TCP src=2065, dst=18552, seq=685337830,
ack=292059008, win=20480 ACK
Mar 20 18:30:23.705: IP: s=24.24.24.24 (local), d=15.15.15.15 (Serial0/0.1),
len 40, sending
Mar 20 18:30:23.705: TCP src=2065, dst=11008, seq=3918973956, ack=0,
win=19972 RST
Emanon-R1(config)#end
1w6d: %SYS-5-CONFIG_I: Configured from console by console
Emanon-R1#sh dlsw peer
Emanon-R1#sh dlsw peer
Peers:             state    pkts_rx  pkts_tx  type  drops  ckts  TCP  uptime
TCP 15.15.15.15    CONNECT  2        2        conf  0      0     0    00:00:09
Total number of connected peers: 1
Total number of connections: 1
Emanon-R1#
Emanon-R1#un all
All possible debugging has been turned off
Emanon-R1#
Mar 20 18:30:34.893: IP: s=172.17.155.5 (Serial0/1), d=172.17.155.1, len 40,
rcvd 0
Mar 20 18:30:34.893: TCP src=1928, dst=179, seq=134472096,
ack=2767802283, win=15624 ACK
Emanon-R1#
Emanon-R1#
I edited out the BGP and other non-interesting IP stuff... But you'll see
that as soon as things initiated, it was destined to port 2065 from a port
between 11000 and 11999.
Looks like I'll have to do more digging to see if a later RFC than that
changed things...
But yes, I know that H.245 is set to do the same thing.
Scott
-----Original Message-----
From: Joe Smith [mailto:j333smith@hotmail.com]
Sent: Saturday, March 19, 2005 5:28 PM
To: swm@emanon.com; ccielab@groupstudy.com
Subject: RE: RE: VoIP
Scott,
I didn't find the random source ports in the range of 11000-11999 for DLSW,
only a random source port that was not 2065 or 2067. I know H.245 uses
ports 11000-11999.
RFC 2166:
6.2.1.1 TCP Port Numbers
DLSws implementing these enhancements will use a TCP destination port
of 2067 (as opposed to RFC 1795 which uses 2065) for single session
TCP connections. The source port will be a random port number using
the established TCP norms which exclude the possibility of either
2065 or 2067.
Joe
>From: "Scott Morris" <swm@emanon.com>
>Reply-To: "Scott Morris" <swm@emanon.com>
>To: <mcodina@nwncable.com>, <ccielab@groupstudy.com>
>Subject: RE: RE: VoIP
>Date: Sat, 19 Mar 2005 13:53:32 -0500
>
>Actually that's the original method (RFC 1789 if memory serves). RFC
>2166 changed things.
>
>Source is random port between 11000-11999 and destination is 2065.
>
>HTH,
>
>Scott
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>mcodina@nwncable.com
>Sent: Saturday, March 19, 2005 1:15 PM
>To: ccielab@groupstudy.com
>Subject: Re: RE: VoIP
>
>I agree, and besides that, you need to know the protocols' processes
>very well in order to filter. For example DLSw+ traffic needs to be
>filtered both from the 2065 port and to the 2065 port. That's why I
>asked for a good source on Traffic Filtering, looking for details.
>
>Mauricio
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:48 GMT-3
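Added example (not part of the original messages): a short Python parser for the "debug ip packet detail" lines quoted in the thread. It re-joins the e-mail-wrapped lines and lists each TCP connection's client and server port from its SYN or SYN-ACK, which is what a DLSw traffic filter has to match. The function names are hypothetical; the sample lines are copied from the debug output above.

```python
import re

# Lines copied from the debug output in the thread, e-mail wraps included.
SAMPLE = """\
Mar 20 18:30:23.537: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 44,
rcvd 4
Mar 20 18:30:23.537: TCP src=11008, dst=2065, seq=2048433379, ack=0,
win=4128 SYN
Mar 20 18:30:23.585: IP: s=15.15.15.15 (Serial0/0.1), d=24.24.24.24, len 44,
rcvd 4
Mar 20 18:30:23.585: TCP src=2065, dst=18552, seq=685337829,
ack=292058472, win=4128 ACK SYN
"""

STAMP = re.compile(r"^\w{3} +\d+ [\d:.]+: ")
IP_RE = re.compile(r"IP: s=([\d.]+) .*?d=([\d.]+)")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+),.*win=\d+ (.*)$")

def unwrap(text):
    # Re-join wrapped continuation lines onto their timestamped line.
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def connections(text):
    # Return {(client_ip, client_port, server_ip, server_port)} seen in SYNs.
    conns, ip = set(), None
    for line in unwrap(text):
        m, t = IP_RE.search(line), TCP_RE.search(line)
        if m:
            ip = m.groups()
        elif t and ip:
            sport, dport, flags = int(t[1]), int(t[2]), t[3].split()
            if "SYN" in flags and "ACK" in flags:  # SYN-ACK: sender is server
                conns.add((ip[1], dport, ip[0], sport))
            elif "SYN" in flags:                   # bare SYN: sender is client
                conns.add((ip[0], sport, ip[1], dport))
    return conns

def outside_range(conns, lo=11000, hi=11999):
    # Client (source) ports that a 11000-11999 source-port match would miss.
    return sorted(c for c in conns if not lo <= c[1] <= hi)
```

On this excerpt, connections(SAMPLE) reports the inbound connection from port 11008 to port 2065 and a second connection to the peer's port 2065 whose client port is 18552; outside_range() returns only the second.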