On 01/11/2014 04:37 PM, Sherman Grunewagen wrote:
> I know almost nothing about network protocols, but I can follow instructions. :-)
> I've posted the output of two invocations of tcpdump at:
>
> http://ur1.ca/ge1i9
>
> In the 1st invocation I used the scanner IP number; in the 2nd the IP name.

It really doesn't matter if you use the IP or the name. Tcpdump will resolve the name to its IP.

> (For some reason, the lines before C-c are different.)

For each invocation, I see traffic from the printer coming from its mDNS port (5353 if I remember) and the traffic is destined to your machine at some random port (which is an ephemeral port, a random port above 1,024). I guess this is the VueScan software originating the transaction from port 36,247 on your first try and on port 41,354 on the next try.

The default firewall rule should allow any response from traffic initiated from your machine so I'm not sure what's going on. But then, I really don't know how mDNS works...

You could try it again without limiting the capture to source address. Try it with:

    tcpdump -i em1 -n net 192.168.1.0/24

...so we can see the whole transaction.

> I started tcpdump, then started vuescan (which failed to see the scanner),
> then quit vuescan, then C-c-ed out of tcpdump.
> I would enjoy learning what the output means.

Try some tcpdump tutorial or better yet, learn how to use Wireshark (a graphical tool). However, you should first learn networking principles in order to use these tools so you can make sense out of them. You could learn the tool by itself but it will do you no good if you don't know what's going on.

> I tried the temporary change and it worked. If you have the time I would
> appreciate learning how to make the more fine-tuned changes in the firewall.
> O'wise I'll make the change permanent.

Well, let's try another tcpdump capture and see if I can come up with something. If not we'll have to see if there's anyone out there who knows better.

> Question: In my original message, I mentioned that I was seeing lines like
>
> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
>
> in the output of `iptables -L'.
> One of these was in the "Chain IN_public_allow (1 references)"
> By goofing around in the firewall-config interface I was able
> to change the 224.0.0.251 to "anywhere". But that didn't
> let the scanner through. Would you please explain why? Thanks.

The 224.0.0.251 is a multicast address and it makes sense in the mDNS context so you don't need to change it. You can read more about it here:

http://en.wikipedia.org/wiki/Multicast_DNS

I personally haven't worked with it so I know nothing about it.

--
Jorge
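
Added example, not part of the original message: a simplified model of the connection-tracking check behind the "allow responses" rule discussed above, run over constructed `tcpdump -n` lines. It shows that a unicast mDNS answer to a multicast query arrives as a NEW flow, because its source is the scanner rather than 224.0.0.251; the addresses, the second port and the unicast DNS flow are assumptions, only port 36247 and 224.0.0.251:5353 come from the thread.

```python
import re

# Constructed `tcpdump -n` lines (not the poster's capture). The addresses
# 192.168.1.10 (workstation), 192.168.1.20 (scanner) and 192.168.1.1
# (resolver) are assumptions made for this illustration.
SAMPLE = """\
16:40:01.100000 IP 192.168.1.10.36247 > 224.0.0.251.5353: 0 PTR (QM)? _scanner._tcp.local. (37)
16:40:01.130000 IP 192.168.1.20.5353 > 192.168.1.10.36247: 0*- 1/0/0 PTR example._scanner._tcp.local. (80)
16:40:02.000000 IP 192.168.1.10.40000 > 192.168.1.1.53: 1+ A? example.org. (29)
16:40:02.020000 IP 192.168.1.1.53 > 192.168.1.10.40000: 1 1/0/0 A 192.0.2.7 (45)
"""

# "IP <src>.<sport> > <dst>.<dport>:" as printed by tcpdump -n for IPv4.
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def classify(capture, local_ip):
    """Return (src, sport, state) for every packet addressed to local_ip.

    Simplified model of a stateful firewall: an inbound packet counts as
    ESTABLISHED only if it is the exact inverse of a tuple that local_ip
    sent earlier; anything else is a NEW flow and needs its own rule.
    """
    expected_replies = set()
    results = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if src == local_ip:
            # Outbound: remember the inverted tuple a reply must carry.
            expected_replies.add((dst, dport, src, sport))
        elif dst == local_ip:
            known = (src, sport, dst, dport) in expected_replies
            results.append((src, sport, "ESTABLISHED" if known else "NEW"))
    return results


if __name__ == "__main__":
    for src, sport, state in classify(SAMPLE, "192.168.1.10"):
        print(f"{src}:{sport} -> {state}")
```

In this model the query's expected reply source is 224.0.0.251:5353, so the scanner's answer from its own address never matches it, while the ordinary unicast DNS exchange does.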