Matt Mossholder on 19 May 2012 08:28:41 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] What is www-ldap-gw Protocol

On Sat, May 19, 2012 at 9:54 AM, Casey Bralla <> wrote:
I'm Âcurrently hacking a "ixp3" clock (it's one of those groovy persistance of
vision clocks, but this one gets messages through the internet).

I've been using wireshark to sniff the packets, and one of ht efirst things this
clock does is contact the mothership with this protocol:

Source           Destination            ÂPacket
ixp3-Clock-Address   Â Âwww-ldap-gw > http [SYN] Seq=0 Win=1500
Len=0 MSS=536 Âixp3-Clock-Address   Âhttp > www-ldap-gw [SYN, ACK] Seq=0
Ack=1 Win=16384 Len=0 MSS=1460

ixp3-Clock-Address   Â Âwww-ldap-gw > http [ACK] Seq=1 Ack=1
Win=1500 Len=0

After this sequence is finished, it relies on http traffic to communicate.

Can anybody explain what this is doing?

You're paying too much attention to the source port. It just happened to choose a random port for the source that also happens to have an entry in /etc/services . ÂIt is probably just straight HTTP.Â

www-ldap-gw is port 1760, a perfectly reasonable port for an application to use as a source port.


Philadelphia Linux Users Group         --
Announcements -
General Discussion  --