PAP2 traffic

Posts: 17 · Posted: Sat Feb 11, 2006 8:52 pm Post subject: PAP2 traffic

To start with, I haven't noticed any noticeable problems, but I was looking through the logs of my firewall and finding traffic that is blocked between my PAP2 Vonage adapter and my gateway/firewall.

As for my setup, I have a Smoothwall firewall/router. It has two two sub-nets... GREEN and ORANGE. GREEN is my normal computer network in the house, with a gateway address of 192.168.0.1. ORANGE is ONLY for my Vonage adapter and has a gateway address of 192.168.1.1. DHCP is enabled on both ORANGE and GREEN networks. I have the DHCP server set to assign the IP address 192.168.1.50 for my PAP2 Vonage adapter's MAC address. I've also done some port-forwarding stuff in order to get it to work right. Again, I'm not having a problem, but in the log, I'm seeing numerous entries like:

Code:

17:22:29 IN=eth2 OUT= MAC={obscured} SRC=192.168.1.50 DST=192.168.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=250 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308

Basically, the PAP2 is sending UDP traffic to the gateway from a source port of 68 to the destination's port 67, but it's being blocked. I'm curious as to what this traffic is. I tried asking this question in a Smoothwall forum, but no one responded. I'm hoping it looks familiar to someone here.

Posts: 2 · New Forum Member Joined: Feb 17, 2006 Posts: 2

Port 67 and 68 are DHCP ports, mostly requests back and forth.

Posts: 193 · Vonage Forum Master Joined: Feb 28, 2005 Posts: 193

First diagram:
http://www.freesoft.org/CIE/Course/Section3/7.htm

packet switching:
http://www.loadbalancing.net/glossary.html

I'm by no means knowledgable in this but it just looks like a packet header. Not the data of the packet. So I'm not sure if you can say anything about what it is from or for.

Posts: 2 · New Forum Member Joined: Feb 17, 2006 Posts: 2

It's not a packet header, what he's showing you is a line from his firewalls log. He even states, "but in the log, I'm seeing numerous entries like". And yes, I can tell you that UDP port 67 and 68 ARE DHCP ports! As I have written a DHCP server in the past.

It's really annoying when people don't read things in full.

Also, RonRN18, from the log line. I don't see it saying it dropped it, are you sure it's getting dropped?

Posts: 17 · Posted: Sat Feb 18, 2006 12:13 pm Post subject: Re: re: PAP2 traffic

GotzBoost wrote:

It's not a packet header, what he's showing you is a line from his firewalls log. He even states, "but in the log, I'm seeing numerous entries like". And yes, I can tell you that UDP port 67 and 68 ARE DHCP ports! As I have written a DHCP server in the past.

It's really annoying when people don't read things in full.

Also, RonRN18, from the log line. I don't see it saying it dropped it, are you sure it's getting dropped?

This is from my "firewall" log, which IS blocked traffic. I know that my Snort log isn't necessarily dropped, but the firewall log is.

Even though this traffic is blocked between the PAP2 and my Smoothwall machine, at least it works well. I was just curious as to why I was seeing the traffic. I don't see that type of traffic on other devices in the network... only the PAP2. My DHCP server assigns "everyones" IP address... many based on their MAC address, including the PAP2.