<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16809" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV dir=ltr align=left><SPAN class=163381912-10032009><FONT face=Arial
color=#0000ff size=2>There is also a known issue in CCM 6.1.2 with rogue media
where after a call is torn down CCM will still send the media for the call. This
would make sense if it went away when you restarted the Cisco IP Voice Media
Streaming App.</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] <B>On Behalf Of </B>Samuel
Womack<BR><B>Sent:</B> Monday, March 09, 2009 8:05 PM<BR><B>To:</B> omar
parihuana<BR><B>Cc:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B> Re:
[cisco-voip] Strange Behavior into CUCM 6.1.2<BR></FONT><BR></DIV>
<DIV></DIV>MTP, MoH, Conference Resources, Annunciator, etc etc..
<DIV><BR></DIV>
<DIV><BR>
<DIV>
<DIV>On Mar 9, 2009, at 7:00 PM, omar parihuana wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">Thank for your prompt response, I've just stopped
service per service I've found that after stop the service: Cisco IP Voice
Media Streaming App, the strange traffic disappeared!<BR><BR>admin:utils
network capture dest 172.16.54.33<BR>Executing command with
options:<BR> size=128
count=1000
interface=eth0<BR> src=
dest=172.16.54.33
port=
<BR> ip=
<BR><BR><BR>Now, which is the purpose of that service??? I suppose that cisco
web page will be useful... thanks!!<BR><BR>Rgds.<BR><BR>
<DIV class=gmail_quote>On Mon, Mar 9, 2009 at 6:37 PM, Wes Sisk <SPAN
dir=ltr><<A href="mailto:wsisk@cisco.com">wsisk@cisco.com</A>></SPAN>
wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV text="#000000" bgcolor="#ffffff">I checked my 6.1 servers and do not
see similar traffic offhand. There are numerous client applications that may
'subscribe' for updates from CUCM. Examples include jtapi, Attendant
Console, IPMA, and SIP. This appears particularly likely given the
source port range, from cucm, uses numerous ports in the ephemeral
range.<BR><BR>What UC applications or plugins are installed on
172.16.54.33? Alternatively, can you provide some of the
payload?<BR><BR>/Wes
<DIV>
<DIV></DIV>
<DIV class=h5><BR><BR>On Monday, March 09, 2009 7:12:27 PM, omar parihuana
<A href="mailto:omar.parihuana@gmail.com"
target=_blank><omar.parihuana@gmail.com></A> wrote:<BR></DIV></DIV>
<BLOCKQUOTE type="cite">
<DIV>
<DIV></DIV>
<DIV class=h5>Hi List,<BR><BR>Today I've noticed that my RTP traffic rise
above of the normal parameters, after check the CUCM I've noticed that my
CUCM tried to connect to external host via UDP port 2048 here my
outputs:<BR><BR>admin:utils network capture dest 172.16.54.33
<BR><BR>17:48:34.284360 PECMA01.galileo.ebel.27332 > 172.16.54.33.2048:
udp 172 (DF) [tos 0xb8] <BR>17:48:34.284379 PECMA01.galileo.ebel.27236
> 172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.284398
PECMA01.galileo.ebel.27222 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.294325 PECMA01.galileo.ebel.27284 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.304347 PECMA01.galileo.ebel.27364 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.304366
PECMA01.galileo.ebel.27332 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.304385 PECMA01.galileo.ebel.27236 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.304403 PECMA01.galileo.ebel.27222 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.314325
PECMA01.galileo.ebel.27284 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.324342 PECMA01.galileo.ebel.27364 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.324361 PECMA01.galileo.ebel.27332 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.324379
PECMA01.galileo.ebel.27236 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.324397 PECMA01.galileo.ebel.27222 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.334328 PECMA01.galileo.ebel.27284 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.344342
PECMA01.galileo.ebel.27364 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.344362 PECMA01.galileo.ebel.27332 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.344380 PECMA01.galileo.ebel.27236 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.344398
PECMA01.galileo.ebel.27222 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.354328 PECMA01.galileo.ebel.27284 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.364347 PECMA01.galileo.ebel.27364 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.364366
PECMA01.galileo.ebel.27332 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.364386 PECMA01.galileo.ebel.27236 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.364404 PECMA01.galileo.ebel.27222 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.374325
PECMA01.galileo.ebel.27284 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.384345 PECMA01.galileo.ebel.27364 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR>17:48:34.384364 PECMA01.galileo.ebel.27332 >
172.16.54.33.2048: udp 172 (DF) [tos 0xb8] <BR>17:48:34.384383
PECMA01.galileo.ebel.27236 > 172.16.54.33.2048: udp 172 (DF) [tos 0xb8]
<BR>17:48:34.384400 PECMA01.galileo.ebel.27222 > 172.16.54.33.2048: udp
172 (DF) [tos 0xb8] <BR><BR>What traffic is that? what application
generate a lot of info with port dest 2048. any ideas?<BR><BR>Rgds.<BR>--
<BR>Omar E.P.T<BR>-----------------<BR>Certified Networking Professionals
make better Connections!<BR></DIV></DIV><PRE><HR width="90%" SIZE=4>_______________________________________________
cisco-voip mailing list
<A href="mailto:cisco-voip@puck.nether.net" target=_blank>cisco-voip@puck.nether.net</A>
<A href="https://puck.nether.net/mailman/listinfo/cisco-voip" target=_blank>https://puck.nether.net/mailman/listinfo/cisco-voip</A>
</PRE></BLOCKQUOTE><BR></DIV></BLOCKQUOTE></DIV><BR><BR clear=all><BR>--
<BR>Omar E.P.T<BR>-----------------<BR>Certified Networking Professionals make
better
Connections!<BR>_______________________________________________<BR>cisco-voip
mailing list<BR><A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR>https://puck.nether.net/mailman/listinfo/cisco-voip<BR></BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>