Multiple udp ports in netstat -lnp ?

nipil · Post by **nipil** » Sun Nov 03, 2013 1:00 am

Hello,

Something tickled my curisosity. I'm using transmission-daemon 2.52-3+nmu1 from Debian wheezy, i've kept the default config except configuring up/down throttling, and i'm using the default port 51413 (which is fully opened).

And besides tcp 9091, tcp 51413, udp 51413 there are 3 other (random?) ports in use, as shown bellow.

I thought it might be linked with DHT/PEX/UTP (3 ports, 3 fonctions, these numbers rang a bell in my head), but i was wrong as turning these params to false, the 3 ports were still appearing every relaunch, with different values everytime.

And i'm surprised to see that there are no incoming data to these ports (no drops of udp packets for these port numbers according to my fw logs). And Upnp is disabled as far as i know (minissdpd was not installed). Besides, the peer-port-random settings in my config are deactivated anyway : false / low 49152 / high 65535

Sooo... what are these UDP ports used for ?

Thanks in advance for any information.

Code: Select all

$ sudo netstat -lnp4 (known ports removed from listing)

first start
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name
...
udp        0      0 0.0.0.0:32823           0.0.0.0:*                           26897/transmission-
udp        0      0 0.0.0.0:37637           0.0.0.0:*                           26897/transmission-
udp        0      0 0.0.0.0:39906           0.0.0.0:*                           26897/transmission-
...

after a restart
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name
...
udp        0      0 0.0.0.0:45905           0.0.0.0:*                           26959/transmission-
udp        0      0 0.0.0.0:46598           0.0.0.0:*                           26959/transmission-
udp        0      0 0.0.0.0:57961           0.0.0.0:*                           26959/transmission-
...

after another restart
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name
...
udp        0      0 0.0.0.0:40253           0.0.0.0:*                           27249/transmission-
udp        0      0 0.0.0.0:46004           0.0.0.0:*                           27249/transmission-
udp        0      0 0.0.0.0:52757           0.0.0.0:*                           27249/transmission-
...

blacke4dawn · Post by **blacke4dawn** » Sun Nov 03, 2013 8:27 am

Deactivating peer-ports setting will make the full normal range available, it's only used if you want to restrict Transmission to a sub-set of that.

Normal procedure is that new connections are initiated on one specific port (for a specific purpose) and then "handed" of to a random "free" port for actual communication. It's done so in the IP-standard because, afaik, that was the most efficient way to keep several different "clients" separate that are behind the same IP.

nipil · Post by **nipil** » Sun Nov 03, 2013 11:30 am

So you're both saying that there is a range of "dynamically listening" udp ports used by the daemon in addition to the fixed port of the config, i think i understand the reasons for it now.

What i am not understanding is that the above-mentionned port numbers are outside the peer-port-random-low / peer-port-random-high (49152 / 65535) setting of my config files.

If that's normal, what's the real "full normal range available" you're talking about ?

nipil · Post by **nipil** » Sun Nov 03, 2013 7:32 pm

Ok thanks.

So they are dynamic ports, and placed in the range of the usual (tcp source) ephemeral ports...

Last question is : firewalling-wise, the first packet using these ports is incoming (ie net2fw rules in shorewall) or outgoing (fw2net rules in shorewall) ?

rb07 · Post by **rb07** » Sun Nov 03, 2013 10:48 pm

nipil wrote:So they are dynamic ports

Dynamic in the sense the port which is used, not in any other sense (i.e. they won't change while the daemon is running; there won't be more, or less, open listening ports).

nipil wrote:firewalling-wise, the first packet using these ports is incoming

They're not used to communicate to the Internet, or even the LAN, the firewall shouldn't allow any communication other than with the localhost.

AFAIK they are created and used by the pthreads library, one per thread.

blacke4dawn · Post by **blacke4dawn** » Sun Nov 03, 2013 11:00 pm

nipil wrote:firewalling-wise, the first packet using these ports is incoming (ie net2fw rules in shorewall) or outgoing (fw2net rules in shorewall) ?

From my knowledge they should be handled by any rules that manages established and/or related connections, long time since I took a deeper look at it so it might be termed something different.

nipil · Post by **nipil** » Tue Nov 05, 2013 5:11 am

Your answers are awesome guys.
Thanks a lot for all the very precise information regarding these additionnal ports.
It's very satisfying to understand what actually happens !

Transmission

Multiple udp ports in netstat -lnp ?

Multiple udp ports in netstat -lnp ?

Re: Multiple udp ports in netstat -lnp ?

Re: Multiple udp ports in netstat -lnp ?

Re: Multiple udp ports in netstat -lnp ?

Re: Multiple udp ports in netstat -lnp ?

Re: Multiple udp ports in netstat -lnp ?

Re: Multiple udp ports in netstat -lnp ?