Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Camera accessing Internet question

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X Offline
      xman111
      last edited by

      Hey guys, quick question for you.  Bought a few Hikvision (Chinese) brand cameras and read some reports of them trying to phone home, etc.  I put them on a VLAN and once I read this, i put a block rule on that segment.  The firewall seems to be blocking and they look like they are maybe DNS requests but does this activity look normal?  Sorry for the screenshot, it is off my Android Teamviewing into my computer.

      Screenshot_2016-09-22-13-16-16.png
      Screenshot_2016-09-22-13-16-16.png_thumb

      1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator
        last edited by

        They doing some sort of dns query sure.. Just sniff the traffic and see what they are looking for..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        1 Reply Last reply Reply Quote 0
        • X Offline
          xman111
          last edited by

          thanks, as always John, will try tonight when I get home.

          1 Reply Last reply Reply Quote 0
          • X Offline
            xman111
            last edited by

            here is a partial capture, it's all greek to me..

            18:22:09.298907 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:10.124357 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:11.117780 ARP, Request who-has 192.168.50.1 (40:8d:5c:b7:7b:e1 (oui Unknown)) tell Server.localdomain, length 46
18:22:11.117804 ARP, Reply 192.168.50.1 is-at 40:8d:5c:b7:7b:e1 (oui Unknown), length 28
18:22:12.124326 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:12.298935 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:12.991038 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:12.991042 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:14.124269 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:14.766766 IP Camera1.localdomain.51236 > 192.168.50.1.domain: UDP, length 34
18:22:14.766801 IP Camera1.localdomain.51236 > 192.168.50.1.domain: UDP, length 34
18:22:15.299137 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:15.839007 IP Camera3.localdomain.41634 > 192.168.50.1.domain: UDP, length 34
18:22:15.839040 IP Camera3.localdomain.41634 > 192.168.50.1.domain: UDP, length 34
18:22:16.124225 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:16.676194 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 40
18:22:16.702126 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 39
18:22:17.990270 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:17.990283 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:18.124185 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:18.588149 IP Server.localdomain.53501 > jm-in-f101.1e100.net.https: tcp 1
18:22:18.657066 IP jm-in-f101.1e100.net.https > Server.localdomain.53501: tcp 0
18:22:18.942660 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:22:19.148172 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:22:19.299407 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:19.771962 IP Camera1.localdomain.51730 > 192.168.50.1.domain: UDP, length 34
18:22:19.771981 IP Camera1.localdomain.51730 > 192.168.50.1.domain: UDP, length 34
18:22:20.124141 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:20.843144 IP Camera3.localdomain.47704 > 192.168.50.1.domain: UDP, length 34
18:22:20.843186 IP Camera3.localdomain.47704 > 192.168.50.1.domain: UDP, length 34
18:22:21.762178 IP Camera2.localdomain.56021 > 192.168.50.1.domain: UDP, length 34
18:22:21.762216 IP Camera2.localdomain.56021 > 192.168.50.1.domain: UDP, length 34
18:22:22.124108 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:22.299454 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:22.990553 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:22.990568 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:24.124058 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:24.777933 IP Camera1.localdomain.51106 > 192.168.50.1.domain: UDP, length 34
18:22:24.777967 IP Camera1.localdomain.51106 > 192.168.50.1.domain: UDP, length 34
18:22:25.299622 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:25.848083 IP Camera3.localdomain.38016 > 192.168.50.1.domain: UDP, length 34
18:22:25.848116 IP Camera3.localdomain.38016 > 192.168.50.1.domain: UDP, length 34
18:22:26.124027 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:26.767133 IP Camera2.localdomain.43351 > 192.168.50.1.domain: UDP, length 34
18:22:26.767169 IP Camera2.localdomain.43351 > 192.168.50.1.domain: UDP, length 34
18:22:27.990745 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:27.990764 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:28.123973 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:28.943192 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:22:29.148746 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:22:29.299882 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:29.781886 IP Camera1.localdomain.48476 > 192.168.50.1.domain: UDP, length 34
18:22:29.781909 IP Camera1.localdomain.48476 > 192.168.50.1.domain: UDP, length 34
18:22:29.963204 LLDP, length 63: SG300-10PP
18:22:30.123990 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:30.207845 IP Server.localdomain.59107 > 239.255.255.250.1900: UDP, length 94
18:22:30.852690 IP Camera3.localdomain.35222 > 192.168.50.1.domain: UDP, length 34
18:22:30.852723 IP Camera3.localdomain.35222 > 192.168.50.1.domain: UDP, length 34
18:22:31.676840 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:22:31.771840 IP Camera2.localdomain.41148 > 192.168.50.1.domain: UDP, length 34
18:22:31.771856 IP Camera2.localdomain.41148 > 192.168.50.1.domain: UDP, length 34
18:22:31.889851 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:22:32.040927 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:22:32.121836 IP Server.localdomain.53507 > jm-in-f84.1e100.net.https: tcp 1
18:22:32.123910 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:32.139539 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 31
18:22:32.188833 IP Server.localdomain.53509 > jm-in-f17.1e100.net.https: tcp 1
18:22:32.196890 IP jm-in-f84.1e100.net.https > Server.localdomain.53507: tcp 0
18:22:32.259574 IP jm-in-f17.1e100.net.https > Server.localdomain.53509: tcp 0
18:22:32.299959 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:32.375516 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 31
18:22:32.586807 IP Server.localdomain.53506 > lhr25s08-in-f132.1e100.net.https: tcp 1
18:22:32.630909 IP Server.localdomain.53510 > io-in-f156.1e100.net.https: tcp 1
18:22:32.707915 IP io-in-f156.1e100.net.https > Server.localdomain.53510: tcp 0
18:22:32.743897 IP lhr25s08-in-f132.1e100.net.https > Server.localdomain.53506: tcp 0
18:22:32.989978 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:32.989981 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:33.228145 IP jm-in-f101.1e100.net.https > Server.localdomain.53501: tcp 63
18:22:33.228293 IP jm-in-f101.1e100.net.https > Server.localdomain.53501: tcp 0
18:22:33.228449 IP Server.localdomain.53501 > jm-in-f101.1e100.net.https: tcp 0
18:22:33.228586 IP Server.localdomain.53501 > jm-in-f101.1e100.net.https: tcp 0
18:22:33.297585 IP jm-in-f101.1e100.net.https > Server.localdomain.53501: tcp 0
18:22:34.123856 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:35.300082 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:36.123832 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:36.776612 IP Camera2.localdomain.57706 > 192.168.50.1.domain: UDP, length 34
18:22:36.776647 IP Camera2.localdomain.57706 > 192.168.50.1.domain: UDP, length 34
18:22:37.805691 IP Server.localdomain.55950 > 192.168.50.1.domain: UDP, length 33
18:22:37.981480 IP 192.168.50.1.domain > Server.localdomain.55950: UDP, length 286
18:22:37.982244 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 0
18:22:37.990244 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:37.990249 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:38.055528 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:22:38.055720 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 0
18:22:38.056018 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 196
18:22:38.123585 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:22:38.123777 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:38.124534 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 1430
18:22:38.124543 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 1430
18:22:38.124641 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 1342
18:22:38.124845 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 0
18:22:38.127574 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 258
18:22:38.129824 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 53
18:22:38.129832 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 50
18:22:38.129839 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 42
18:22:38.130181 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 1375
18:22:38.130205 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 323
18:22:38.196010 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 294
18:22:38.196018 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 62
18:22:38.196026 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 42
18:22:38.196175 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 0
18:22:38.196548 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 38
18:22:38.202545 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:22:38.202552 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 38
18:22:38.202726 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:22:38.211799 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 250
18:22:38.211810 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 307
18:22:38.211980 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 0
18:22:38.212877 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 46
18:22:38.279756 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:22:38.944324 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:22:39.142167 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:22:39.300449 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:40.123748 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:40.630241 CDPv2, ttl: 180s, Device-ID '0057d2eaa625', length 159
18:22:42.123709 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:42.300401 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:42.990439 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:42.990441 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:44.123661 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:44.787052 IP Camera1.localdomain.60579 > 192.168.50.1.domain: UDP, length 34
18:22:44.787110 IP Camera1.localdomain.60579 > 192.168.50.1.domain: UDP, length 34
18:22:45.300560 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:45.859737 IP Camera3.localdomain.56442 > 192.168.50.1.domain: UDP, length 34
18:22:45.859759 IP Camera3.localdomain.56442 > 192.168.50.1.domain: UDP, length 34
18:22:45.920356 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 40
18:22:45.946531 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 42
18:22:46.123608 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:46.677329 IP jm-in-f84.1e100.net.https > Server.localdomain.53507: tcp 63
18:22:46.677760 IP Server.localdomain.53507 > jm-in-f84.1e100.net.https: tcp 0
18:22:46.678944 IP jm-in-f84.1e100.net.https > Server.localdomain.53507: tcp 0
18:22:46.679095 IP Server.localdomain.53507 > jm-in-f84.1e100.net.https: tcp 0
18:22:46.745476 IP jm-in-f84.1e100.net.https > Server.localdomain.53507: tcp 0
18:22:46.755760 IP lhr25s08-in-f132.1e100.net.https > Server.localdomain.53506: tcp 63
18:22:46.756176 IP Server.localdomain.53506 > lhr25s08-in-f132.1e100.net.https: tcp 0
18:22:46.757005 IP lhr25s08-in-f132.1e100.net.https > Server.localdomain.53506: tcp 0
18:22:46.757134 IP Server.localdomain.53506 > lhr25s08-in-f132.1e100.net.https: tcp 0
18:22:46.868826 IP jm-in-f17.1e100.net.https > Server.localdomain.53509: tcp 63
18:22:46.869018 IP jm-in-f17.1e100.net.https > Server.localdomain.53509: tcp 0
18:22:46.869155 IP Server.localdomain.53509 > jm-in-f17.1e100.net.https: tcp 0
18:22:46.869288 IP Server.localdomain.53509 > jm-in-f17.1e100.net.https: tcp 0
18:22:46.910307 IP lhr25s08-in-f132.1e100.net.https > Server.localdomain.53506: tcp 0
18:22:46.942484 IP jm-in-f17.1e100.net.https > Server.localdomain.53509: tcp 0
18:22:47.141547 IP Server.localdomain.53363 > jc-in-f188.1e100.net.5228: tcp 1
18:22:47.217726 IP jc-in-f188.1e100.net.5228 > Server.localdomain.53363: tcp 0
18:22:47.245579 IP io-in-f156.1e100.net.https > Server.localdomain.53510: tcp 63
18:22:47.245774 IP io-in-f156.1e100.net.https > Server.localdomain.53510: tcp 0
18:22:47.245891 IP Server.localdomain.53510 > io-in-f156.1e100.net.https: tcp 0
18:22:47.245901 IP Server.localdomain.53510 > io-in-f156.1e100.net.https: tcp 0
18:22:47.322090 IP io-in-f156.1e100.net.https > Server.localdomain.53510: tcp 0
18:22:47.990714 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:47.990742 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:48.123571 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:48.943364 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:22:49.142638 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:22:49.300911 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:49.792040 IP Camera1.localdomain.56006 > 192.168.50.1.domain: UDP, length 34
18:22:49.792067 IP Camera1.localdomain.56006 > 192.168.50.1.domain: UDP, length 34
18:22:50.123543 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:50.863071 IP Camera3.localdomain.44066 > 192.168.50.1.domain: UDP, length 34
18:22:50.863114 IP Camera3.localdomain.44066 > 192.168.50.1.domain: UDP, length 34
18:22:51.783565 IP Camera2.localdomain.44549 > 192.168.50.1.domain: UDP, length 34
18:22:51.783601 IP Camera2.localdomain.44549 > 192.168.50.1.domain: UDP, length 34
18:22:52.123495 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:52.300891 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:52.989951 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:52.989953 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:54.123458 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:54.797363 IP Camera1.localdomain.51556 > 192.168.50.1.domain: UDP, length 34
18:22:54.797399 IP Camera1.localdomain.51556 > 192.168.50.1.domain: UDP, length 34
18:22:55.301086 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:55.869002 IP Camera3.localdomain.50512 > 192.168.50.1.domain: UDP, length 34
18:22:55.869036 IP Camera3.localdomain.50512 > 192.168.50.1.domain: UDP, length 34
18:22:56.123413 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:56.787966 IP Camera2.localdomain.53358 > 192.168.50.1.domain: UDP, length 34
18:22:56.787985 IP Camera2.localdomain.53358 > 192.168.50.1.domain: UDP, length 34
18:22:57.433168 IP Server.localdomain.51564 > server22603.teamviewer.com.https: tcp 24
18:22:57.596652 IP server22603.teamviewer.com.https > Server.localdomain.51564: tcp 24
18:22:57.793071 IP Server.localdomain.51564 > server22603.teamviewer.com.https: tcp 0
18:22:57.990218 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:22:57.990248 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:22:58.123375 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:22:58.759276 IP Server.localdomain.55951 > 239.255.255.250.1900: UDP, length 174
18:22:58.944084 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:22:59.143144 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:22:59.301419 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:22:59.760230 IP Server.localdomain.55951 > 239.255.255.250.1900: UDP, length 174
18:22:59.798167 IP Camera1.localdomain.43788 > 192.168.50.1.domain: UDP, length 34
18:22:59.798194 IP Camera1.localdomain.43788 > 192.168.50.1.domain: UDP, length 34
18:22:59.962539 LLDP, length 63: SG300-10PP
18:23:00.123338 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:00.208302 IP Server.localdomain.59107 > 239.255.255.250.1900: UDP, length 94
18:23:00.760282 IP Server.localdomain.55951 > 239.255.255.250.1900: UDP, length 174
18:23:00.873821 IP Camera3.localdomain.53437 > 192.168.50.1.domain: UDP, length 34
18:23:00.873891 IP Camera3.localdomain.53437 > 192.168.50.1.domain: UDP, length 34
18:23:00.921296 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:23:01.105834 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 31
18:23:01.761283 IP Server.localdomain.55951 > 239.255.255.250.1900: UDP, length 174
18:23:01.793548 IP Camera2.localdomain.45965 > 192.168.50.1.domain: UDP, length 34
18:23:01.793590 IP Camera2.localdomain.45965 > 192.168.50.1.domain: UDP, length 34
18:23:02.123286 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:02.301458 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:02.596417 IP Server.localdomain.51564 > server22603.teamviewer.com.https: tcp 24
18:23:02.819040 IP server22603.teamviewer.com.https > Server.localdomain.51564: tcp 0
18:23:02.990494 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:02.990506 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:03.699058 IP Server.localdomain.58269 > 192.168.50.1.domain: UDP, length 41
18:23:03.781134 IP 192.168.50.1.domain > Server.localdomain.58269: UDP, length 260
18:23:03.792847 IP Server.localdomain.58270 > jl-in-f190.1e100.net.https: UDP, length 1350
18:23:03.804834 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 0
18:23:03.875938 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 0
18:23:03.876164 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 0
18:23:03.876524 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 204
18:23:03.888405 IP jl-in-f190.1e100.net.https > Server.localdomain.58270: UDP, length 1350
18:23:03.889388 IP Server.localdomain.58270 > jl-in-f190.1e100.net.https: UDP, length 384
18:23:03.889419 IP Server.localdomain.58270 > jl-in-f190.1e100.net.https: UDP, length 1153
18:23:03.913732 IP jl-in-f190.1e100.net.https > Server.localdomain.58270: UDP, length 27
18:23:03.915357 IP Server.localdomain.58270 > jl-in-f190.1e100.net.https: UDP, length 38
18:23:03.945939 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 0
18:23:03.948313 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 1430
18:23:03.948323 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 1430
18:23:03.948332 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 1236
18:23:03.948341 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 107
18:23:03.948535 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 0
18:23:03.951326 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 258
18:23:03.953690 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 53
18:23:03.953699 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 50
18:23:03.953709 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 42
18:23:03.983493 IP jl-in-f190.1e100.net.https > Server.localdomain.58270: UDP, length 30
18:23:03.985710 IP jl-in-f190.1e100.net.https > Server.localdomain.58270: UDP, length 1029
18:23:03.986668 IP Server.localdomain.61790 > 192.168.50.1.domain: UDP, length 47
18:23:04.011455 IP Server.localdomain.58270 > jl-in-f190.1e100.net.https: UDP, length 38
18:23:04.026830 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 294
18:23:04.026839 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 62
18:23:04.026848 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 42
18:23:04.026857 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 38
18:23:04.027072 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 0
18:23:04.027382 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 38
18:23:04.067310 IP 192.168.50.1.domain > Server.localdomain.61790: UDP, length 314
18:23:04.079078 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 1350
18:23:04.079288 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 357
18:23:04.091900 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 0
18:23:04.123253 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:04.138543 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 0
18:23:04.163626 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 0
18:23:04.163830 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 0
18:23:04.164101 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 210
18:23:04.182501 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 1350
18:23:04.190595 IP jl-in-f190.1e100.net.https > Server.localdomain.58270: UDP, length 1029
18:23:04.216426 IP Server.localdomain.58270 > jl-in-f190.1e100.net.https: UDP, length 35
18:23:04.234959 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 0
18:23:04.235780 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 1430
18:23:04.235907 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 1430
18:23:04.236029 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 1344
18:23:04.236233 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 0
18:23:04.238889 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 258
18:23:04.241173 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 53
18:23:04.241182 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 50
18:23:04.241192 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 42
18:23:04.308423 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 310
18:23:04.308432 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 62
18:23:04.308441 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 42
18:23:04.308449 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 38
18:23:04.308656 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 0
18:23:04.308997 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 38
18:23:04.389621 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 1350
18:23:04.415135 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 0
18:23:04.468322 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.468738 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 27
18:23:04.468870 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 413
18:23:04.469408 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 41
18:23:04.469905 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 122
18:23:04.562631 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.588526 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 35
18:23:04.656876 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 409
18:23:04.658023 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 133
18:23:04.877497 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 120
18:23:04.878034 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 393
18:23:04.903432 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 35
18:23:04.945988 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.945997 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.946560 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.946570 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:04.946737 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.946953 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:04.947261 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.947270 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.947667 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:04.947961 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:04.947971 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 645
18:23:04.948287 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:04.949143 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 124
18:23:04.969166 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 30
18:23:05.096790 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 1350
18:23:05.122468 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:05.164492 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 124
18:23:05.189348 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 39
18:23:05.189724 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 184
18:23:05.215461 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:05.301508 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:05.308117 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 30
18:23:05.401159 IP iu-in-f113.1e100.net.https > Server.localdomain.61791: UDP, length 171
18:23:05.427470 IP Server.localdomain.61791 > iu-in-f113.1e100.net.https: UDP, length 38
18:23:06.123209 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:06.799105 IP Camera2.localdomain.51131 > 192.168.50.1.domain: UDP, length 34
18:23:06.799133 IP Camera2.localdomain.51131 > 192.168.50.1.domain: UDP, length 34
18:23:07.989715 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:07.989724 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:08.123167 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:08.944874 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:23:09.143599 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:23:09.301921 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:10.123134 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:10.929024 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 40
18:23:10.954746 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 39
18:23:12.123096 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:12.301963 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:12.989916 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:12.989927 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:14.123059 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:14.802634 IP Camera1.localdomain.53299 > 192.168.50.1.domain: UDP, length 34
18:23:14.802653 IP Camera1.localdomain.53299 > 192.168.50.1.domain: UDP, length 34
18:23:15.302078 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:15.880437 IP Camera3.localdomain.40280 > 192.168.50.1.domain: UDP, length 34
18:23:15.880482 IP Camera3.localdomain.40280 > 192.168.50.1.domain: UDP, length 34
18:23:16.123017 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:17.990175 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:17.990209 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:18.122976 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:18.946191 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:23:19.144172 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:23:19.302431 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:19.806016 IP Camera1.localdomain.37277 > 192.168.50.1.domain: UDP, length 34
18:23:19.806035 IP Camera1.localdomain.37277 > 192.168.50.1.domain: UDP, length 34
18:23:20.122934 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:20.883861 IP Camera3.localdomain.46205 > 192.168.50.1.domain: UDP, length 34
18:23:20.883881 IP Camera3.localdomain.46205 > 192.168.50.1.domain: UDP, length 34
18:23:21.804702 IP Camera2.localdomain.42249 > 192.168.50.1.domain: UDP, length 34
18:23:21.804739 IP Camera2.localdomain.42249 > 192.168.50.1.domain: UDP, length 34
18:23:22.122889 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:22.302397 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:22.990391 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:22.990405 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:23.274362 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 1
18:23:23.343933 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:23:24.122849 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:24.810615 IP Camera1.localdomain.53183 > 192.168.50.1.domain: UDP, length 34
18:23:24.810653 IP Camera1.localdomain.53183 > 192.168.50.1.domain: UDP, length 34
18:23:25.302565 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:25.886401 IP Camera3.localdomain.40284 > 192.168.50.1.domain: UDP, length 34
18:23:25.886419 IP Camera3.localdomain.40284 > 192.168.50.1.domain: UDP, length 34
18:23:25.930485 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:23:26.027766 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 31
18:23:26.122808 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:26.808969 IP Camera2.localdomain.60241 > 192.168.50.1.domain: UDP, length 34
18:23:26.808984 IP Camera2.localdomain.60241 > 192.168.50.1.domain: UDP, length 34
18:23:27.989662 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:27.989674 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:28.122767 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:28.947421 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:23:29.144598 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:23:29.302871 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:29.815441 IP Camera1.localdomain.44409 > 192.168.50.1.domain: UDP, length 34
18:23:29.815479 IP Camera1.localdomain.44409 > 192.168.50.1.domain: UDP, length 34
18:23:29.961926 LLDP, length 63: SG300-10PP
18:23:30.122728 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:30.207779 IP Server.localdomain.59107 > 239.255.255.250.1900: UDP, length 94
18:23:30.891414 IP Camera3.localdomain.43110 > 192.168.50.1.domain: UDP, length 34
18:23:30.891445 IP Camera3.localdomain.43110 > 192.168.50.1.domain: UDP, length 34
18:23:31.812041 IP Camera2.localdomain.47758 > 192.168.50.1.domain: UDP, length 34
18:23:31.812065 IP Camera2.localdomain.47758 > 192.168.50.1.domain: UDP, length 34
18:23:32.122728 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:32.216794 IP Server.localdomain.53363 > jc-in-f188.1e100.net.5228: tcp 1
18:23:32.294229 IP jc-in-f188.1e100.net.5228 > Server.localdomain.53363: tcp 0
18:23:32.302950 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:32.989881 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:32.989883 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:34.122635 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:35.303024 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:36.122607 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:36.817360 IP Camera2.localdomain.58592 > 192.168.50.1.domain: UDP, length 34
18:23:36.817435 IP Camera2.localdomain.58592 > 192.168.50.1.domain: UDP, length 34
18:23:37.067616 ARP, Request who-has 192.168.50.1 tell Camera2.localdomain, length 46
18:23:37.067625 ARP, Reply 192.168.50.1 is-at 40:8d:5c:b7:7b:e1 (oui Unknown), length 28
18:23:37.068635 ARP, Request who-has 192.168.50.1 tell Camera1.localdomain, length 46
18:23:37.068640 ARP, Reply 192.168.50.1 is-at 40:8d:5c:b7:7b:e1 (oui Unknown), length 28
18:23:37.069183 ARP, Request who-has 192.168.50.1 tell Camera3.localdomain, length 46
18:23:37.069188 ARP, Reply 192.168.50.1 is-at 40:8d:5c:b7:7b:e1 (oui Unknown), length 28
18:23:37.990229 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:37.990235 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:38.122567 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:38.977654 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:23:39.175103 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:23:39.303374 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:39.765101 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 40
18:23:39.791214 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 39
18:23:40.122519 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:40.629026 CDPv2, ttl: 180s, Device-ID '0057d2eaa625', length 159
18:23:42.122485 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:42.303460 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:42.989431 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:42.989468 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:44.117357 ARP, Request who-has 192.168.50.1 (40:8d:5c:b7:7b:e1 (oui Unknown)) tell Server.localdomain, length 46
18:23:44.117367 ARP, Reply 192.168.50.1 is-at 40:8d:5c:b7:7b:e1 (oui Unknown), length 28
18:23:44.122445 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:44.819973 IP Camera1.localdomain.35439 > 192.168.50.1.domain: UDP, length 34
18:23:44.820016 IP Camera1.localdomain.35439 > 192.168.50.1.domain: UDP, length 34
18:23:45.303554 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:45.894478 IP Camera3.localdomain.53406 > 192.168.50.1.domain: UDP, length 34
18:23:45.894503 IP Camera3.localdomain.53406 > 192.168.50.1.domain: UDP, length 34
18:23:46.122404 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:47.989635 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:47.989637 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:48.122359 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:48.326567 IP Camera1.localdomain.39682 > ec2-52-20-73-96.compute-1.amazonaws.com.6800: tcp 281
18:23:48.428393 IP ec2-52-20-73-96.compute-1.amazonaws.com.6800 > Camera1.localdomain.39682: tcp 142
18:23:48.428599 IP Camera1.localdomain.39682 > ec2-52-20-73-96.compute-1.amazonaws.com.6800: tcp 0
18:23:48.948646 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:23:49.136552 IP Server.localdomain.53513 > jl-in-f190.1e100.net.https: tcp 1
18:23:49.145527 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:23:49.209986 IP jl-in-f190.1e100.net.https > Server.localdomain.53513: tcp 0
18:23:49.303778 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:49.417594 IP Server.localdomain.53514 > iu-in-f113.1e100.net.https: tcp 1
18:23:49.494552 IP iu-in-f113.1e100.net.https > Server.localdomain.53514: tcp 0
18:23:49.822597 IP Camera1.localdomain.52375 > 192.168.50.1.domain: UDP, length 34
18:23:49.822630 IP Camera1.localdomain.52375 > 192.168.50.1.domain: UDP, length 34
18:23:50.122328 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:50.900354 IP Camera3.localdomain.46043 > 192.168.50.1.domain: UDP, length 34
18:23:50.900398 IP Camera3.localdomain.46043 > 192.168.50.1.domain: UDP, length 34
18:23:51.821330 IP Camera2.localdomain.59278 > 192.168.50.1.domain: UDP, length 34
18:23:51.821362 IP Camera2.localdomain.59278 > 192.168.50.1.domain: UDP, length 34
18:23:52.122284 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:52.303895 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:52.595911 IP Server.localdomain.51564 > server22603.teamviewer.com.https: tcp 24
18:23:52.806754 IP server22603.teamviewer.com.https > Server.localdomain.51564: tcp 24
18:23:52.989911 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:52.989932 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:53.005769 IP Server.localdomain.51564 > server22603.teamviewer.com.https: tcp 0
18:23:54.122239 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:54.765896 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:23:54.827886 IP Camera1.localdomain.46493 > 192.168.50.1.domain: UDP, length 34
18:23:54.827907 IP Camera1.localdomain.46493 > 192.168.50.1.domain: UDP, length 34
18:23:54.914326 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 31
18:23:55.304014 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:55.904244 IP Camera3.localdomain.44507 > 192.168.50.1.domain: UDP, length 34
18:23:55.904275 IP Camera3.localdomain.44507 > 192.168.50.1.domain: UDP, length 34
18:23:56.122198 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:56.827014 IP Camera2.localdomain.57731 > 192.168.50.1.domain: UDP, length 34
18:23:56.827074 IP Camera2.localdomain.57731 > 192.168.50.1.domain: UDP, length 34
18:23:57.807104 IP Server.localdomain.51564 > server22603.teamviewer.com.https: tcp 24
18:23:57.990113 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:23:57.990120 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:23:58.019395 IP server22603.teamviewer.com.https > Server.localdomain.51564: tcp 0
18:23:58.122161 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:23:58.948159 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:23:59.146060 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:23:59.304355 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:23:59.831966 IP Camera1.localdomain.60252 > 192.168.50.1.domain: UDP, length 34
18:23:59.831986 IP Camera1.localdomain.60252 > 192.168.50.1.domain: UDP, length 34
18:23:59.961318 LLDP, length 63: SG300-10PP
18:24:00.122111 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:00.207205 IP Server.localdomain.59107 > 239.255.255.250.1900: UDP, length 94
18:24:00.909644 IP Camera3.localdomain.48361 > 192.168.50.1.domain: UDP, length 34
18:24:00.909737 IP Camera3.localdomain.48361 > 192.168.50.1.domain: UDP, length 34
18:24:01.830242 IP Camera2.localdomain.45437 > 192.168.50.1.domain: UDP, length 34
18:24:01.830323 IP Camera2.localdomain.45437 > 192.168.50.1.domain: UDP, length 34
18:24:02.122076 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:02.304324 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:02.989446 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:24:02.989460 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:24:04.122033 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:05.304516 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:06.122004 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:06.581694 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 40
18:24:06.607511 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 39
18:24:06.793099 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 40
18:24:06.819442 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 36
18:24:06.834569 IP Camera2.localdomain.53872 > 192.168.50.1.domain: UDP, length 34
18:24:06.834599 IP Camera2.localdomain.53872 > 192.168.50.1.domain: UDP, length 34
18:24:07.989611 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:24:07.989628 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:24:08.121957 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:08.346496 IP Server.localdomain.53512 > jm-in-f139.1e100.net.https: tcp 1
18:24:08.419025 IP jm-in-f139.1e100.net.https > Server.localdomain.53512: tcp 0
18:24:08.948857 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:24:09.146529 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:24:09.304876 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:10.121907 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:12.121882 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:12.304916 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:12.989850 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:24:12.989852 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:24:14.121834 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:14.834252 IP Camera1.localdomain.50985 > 192.168.50.1.domain: UDP, length 34
18:24:14.834273 IP Camera1.localdomain.50985 > 192.168.50.1.domain: UDP, length 34
18:24:15.305005 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:15.913004 IP Camera3.localdomain.52497 > 192.168.50.1.domain: UDP, length 34
18:24:15.913087 IP Camera3.localdomain.52497 > 192.168.50.1.domain: UDP, length 34
18:24:16.121802 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:17.002971 IP Camera2.localdomain.55957 > ec2-52-20-73-96.compute-1.amazonaws.com.6800: tcp 281
18:24:17.096815 IP ec2-52-20-73-96.compute-1.amazonaws.com.6800 > Camera2.localdomain.55957: tcp 142
18:24:17.097231 IP Camera2.localdomain.55957 > ec2-52-20-73-96.compute-1.amazonaws.com.6800: tcp 0
18:24:17.298951 IP Server.localdomain.53363 > jc-in-f188.1e100.net.5228: tcp 1
18:24:17.386785 IP jc-in-f188.1e100.net.5228 > Server.localdomain.53363: tcp 0
18:24:17.989086 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
18:24:17.989092 IP Server.localdomain.55998 > 192.168.50.255.32412: UDP, length 21
18:24:18.121751 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:18.949495 IP li1184-134.members.linode.com.https > Server.localdomain.52989: tcp 34
18:24:19.147043 IP Server.localdomain.52989 > li1184-134.members.linode.com.https: tcp 0
18:24:19.305320 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:19.839044 IP Camera1.localdomain.59484 > 192.168.50.1.domain: UDP, length 34
18:24:19.839066 IP Camera1.localdomain.59484 > 192.168.50.1.domain: UDP, length 34
18:24:20.121705 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:20.917272 IP Camera3.localdomain.46244 > 192.168.50.1.domain: UDP, length 34
18:24:20.917299 IP Camera3.localdomain.46244 > 192.168.50.1.domain: UDP, length 34
18:24:21.583212 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:24:21.796200 IP Server.localdomain.56999 > jm-in-f189.1e100.net.https: UDP, length 23
18:24:21.842191 IP Camera2.localdomain.36637 > 192.168.50.1.domain: UDP, length 34
18:24:21.842219 IP Camera2.localdomain.36637 > 192.168.50.1.domain: UDP, length 34
18:24:21.899593 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 34
18:24:22.116211 ARP, Request who-has 192.168.50.1 (40:8d:5c:b7:7b:e1 (oui Unknown)) tell Server.localdomain, length 46
18:24:22.116220 ARP, Reply 192.168.50.1 is-at 40:8d:5c:b7:7b:e1 (oui Unknown), length 28
18:24:22.121670 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:57:d2:ea:a6:25.8039, length 43
18:24:22.171487 IP jm-in-f189.1e100.net.https > Server.localdomain.56999: UDP, length 28
18:24:22.305321 IP6 fe80::6981:4e44:b5e8:a7bb.52721 > ff02::c.1900: UDP, length 146
18:24:22.989357 IP Server.localdomain.55999 > 192.168.50.255.32414: UDP, length 21
            1 Reply Last reply Reply Quote 0
            • X Offline
              xman111
              last edited by

              does anyone know if this is just normal activity?

              1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                Why did you not just limit your capture to 53 from the source IP your interested in?  So did you open packet in wireshark  It would tell you exactly what the query is for..

                So for example here is capture from my wlan_psk network where I put stuff like nest and harmonyhub

                So you can see the harmonyhub is the 4.95 address, and my nest is 4.96 you can see exactly what they did a query for and what answers they got back.

                dnsqueries.jpg
                dnsqueries.jpg_thumb
                nestdnsjpg.jpg_thumb
                nestdnsjpg.jpg

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                1 Reply Last reply Reply Quote 0
                • X Offline
                  xman111
                  last edited by

                  HeyJohn,  i did open it up in Wireahark.  it looked like most of the activity was Hikvision's online viewing service and some sort of time requests.  once i turned the service off and set the cameras time to the computers,  most activity stopped.  going to look at setting up NTP server.  thanks again for the help.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Well you didn't post that ;) Nothing from what you posted told us anything other than same thing your first post with firewall logs to 53.

                    As to ntp.. pfsense can be ntp for your network.  Just allow the traffic to their interface.  I run a stratum 1 that is part of ntp pool on my network so I just point all my clients their since I run pfsense as VM and vms don't make for the best time servers ;)

                    If you want links how to setup a stratum 1 with a pi and less than $100 total let me know.. Fun little project..

                    poolntp.jpg
                    poolntp.jpg_thumb

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • X Offline
                      xman111
                      last edited by

                      sorry man, it was about 2am, just before I went to bed.. thanks again for everything.. will let you know when I am ready for the stratum 1 setup.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.