[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #FFX-692476]: STUN protocol on ldm via a tcpdump


The LDM doesn't do anything special to convert a hostname into an IP address: 
it simply uses the standard system functions to convert the hostname of a 
REQUEST entry into an IP address. So if your LDM-s are using the public IP 
address of your other LDM-s, then either the REQUEST entries are specifying the 
other LDM-s by public IP addresses or the operating systems are converting the 
hostnames into public IP addresses.

Also, the LDM doesn't use the STUN protocol directly. It might use it 
indirectly (and unknowingly) through the operating system.

Are you certain that the internal LDM-s are using their public IP addresses to 

> Just recently we noticed a flag on our IPS involving our internal network 
> talking to the external IP addresses.  So I decided to run tcpdump on our 
> internal interface of our internet connection to see how much traffic was 
> actually trying to connect to our external ip addresses from the internal 
> network ips.
> Our current configuration is internal IP addresses of our server farm are 
> network.
> Our external IP address range is
> We are seeing 3 of our servers, not only talking to each other servers 
> outside our network, but to each other using the external IP addresses as 
> destinations.  Looking further using tcpdump to capture and wireshark to view 
> the data, a protocol called STUN is visible within the traffic.
> -Dave

Steve Emmerson

Ticket Details
Ticket ID: FFX-692476
Department: Support LDM
Priority: Normal
Status: Closed

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.