UDP traffic on port 1948

velmanatov · ‎30-07-2007

I recently noticed a lot of UDP traffic passing through my router on port 1498. Does anybody have a clue as to a possible cause of this? No sign of any viruses or anything. It is currently blocked so not causing me any problems - but I am still interested in the source of this. I am also fairly sure this is nothing to do with eye2eye which is the IANA assignment fort his port.

john32 · ‎18-06-2007

That port is registered to eye2eye
eye2eye 1948/tcp eye2eye
eye2eye 1948/udp eye2eye

Is this a product you use?

velmanatov · ‎30-07-2007

No. I don't use this. iosoftware seem to be involved in advanced authentication software (biometrics and so on). I definitely have nothing like this installed.
Nor am I using SkyAnytime which also seems to use port 1948. Nor does it seem to be a port used by any common trojans.

Liam · ‎04-04-2007

Hmm, Sky Anytime uses that port does it? If thats the case then Channel 4-O-D probably does too, and the new BBC iPlayer. Do you use any of those?

john32 · ‎18-06-2007

Assuming you are using windows could you use netstat -a -o to identify which process is using that port?

bobpullen · ‎04-04-2007

Or run a Wireshark capture to identify the originating IP address of the traffic.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

velmanatov · ‎30-07-2007

OK. It is the BBC iPlayer. The traffic originated at the same time I installed it and it definitely uses port 1948 (as i confirmed from the blog on this very site): http://community.plus.net/trafficmanagement/2007/07/24/were-ready-for-the-beebs-iplayer/
I hadn't made the connection as I was not downloading anything myself at the time, but clearly I was still acting as a peer to others downloading things which I had a copy of. I have to admit it hadn't even occurred to me that the iPlayer was using p2p. Apparently it is built on Kontiki (as are Sky and 4OD as Liam alludes to). In iPlayer there is no way to manage bandwidth and now way to manage sharing (as far as I can see). This is surely going to be a problem for the majority of users.

dave · ‎04-04-2007

Yep, one of things about the iPlayer and other services that use Kontiki is that whenever it's switched on it can upload data to other people. Unfortunately the only real way of controlling the bandwidth is with something like Netlimiter or on the router/firewall. Whilst I can understand why they've chosen the P2P style delivery I would hope that they can add a scheduler like you get in uTorrent in a future version.
Maybe there's a need to rethink how uploads are treated. I will pose the question.

Dave Tomlinson
Enterprise Architect - Network & OSS
Plusnet Technology

velmanatov · ‎30-07-2007

Yeah. I have no problem with using P2P - but A. I want them to make it clear to me what I am installing and B. I want control over when/what/how I share. In particular I don't want to have to manually kill the Kontiki process when I am not using iPlayer. I actually find this a little dishonest as many typical users would not even know that this was still running (other than the fact that it does slow your system down). Since so many people have bandwidth caps they are also potentially limiting their market.
People will always find ways to leech. Giving users control over their sharing hasn't killed off other P2P networks/apps, so if this is the motivation I think it is unwise (and disrespectful of the user).

jelv · ‎10-04-2007

I wonder how many people think that by exiting the process in the system tray they have stopped it sharing?

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

_CN_ · ‎11-06-2007

I choose the option to not start iPlayer when the PC powers up, the wife's at home and when she turned the PC on my very restrictive firewall log had loads of these entries (and thats just for one download in the library (and not complete)) -
Aug 7 15:04:01: %SEC-6-IPACCESSLOGP: list 111 denied udp 82.12.244.93(1948) -> 84.92.79.2(1948), 1 packet
Aug 7 15:05:46: %SEC-6-IPACCESSLOGP: list 111 denied tcp 82.12.244.93(2504) -> 84.92.79.2(1947), 1 packet
Aug 7 15:07:16: %SEC-6-IPACCESSLOGP: list 111 denied tcp 82.12.244.93(2614) -> 84.92.79.2(1947), 1 packet
Aug 7 15:07:48: %SEC-6-IPACCESSLOGP: list 111 denied udp 82.3.233.164(1948) -> 84.92.79.2(1948), 1 packet
Aug 7 15:09:49: %SEC-6-IPACCESSLOGP: list 111 denied udp 82.12.244.93(1948) -> 84.92.79.2(1948), 4 packets
Aug 7 15:09:58: %SEC-6-IPACCESSLOGP: list 111 denied udp 82.44.46.122(1948) -> 84.92.79.2(1948), 1 packet
Aug 7 15:10:49: %SEC-6-IPACCESSLOGP: list 111 denied tcp 82.12.244.93(2504) -> 84.92.79.2(1947), 2 packets
Aug 7 15:12:49: %SEC-6-IPACCESSLOGP: list 111 denied tcp 82.12.244.93(2614) -> 84.92.79.2(1947), 2 packets
Aug 7 15:12:49: %SEC-6-IPACCESSLOGP: list 111 denied udp 82.3.233.164(1948) -> 84.92.79.2(1948), 4 packets
Aug 7 15:14:21: %SEC-6-IPACCESSLOGP: list 111 denied udp 80.41.146.105(1948) -> 84.92.79.2(1948), 1 packet
Aug 7 15:43:50: %SEC-6-IPACCESSLOGP: list 111 denied udp 62.245.233.11(1948) -> 84.92.79.2(1948), 1 packet
Aug 7 15:48:51: %SEC-6-IPACCESSLOGP: list 111 denied udp 62.245.233.11(1948) -> 84.92.79.2(1948), 4 packets
Aug 7 16:06:51: %SEC-6-IPACCESSLOGP: list 111 denied udp 144.82.242.29(1948) -> 84.92.79.2(1948), 4 packets
Aug 7 16:16:07: %SEC-6-IPACCESSLOGP: list 111 denied udp 87.81.77.73(1948) -> 84.92.79.2(1948), 1 packet
Not sure how the scoring system works for the sharing stuff but my downloads are not very fast

Good job I won't be using the iPlayer or any of the others.
Regards,

UDP traffic on port 1948

UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948

Re: UDP traffic on port 1948