
how to detect msn file transfer - layer7 doesn't work

Posted: Wed Jan 28, 2009 4:40 am
by kolorasta
Hi,
I have a MT as a traffic shaper and I have traffic prioritization.

I am trying to use layer7 to mark msn-filetransfer packets but it doesn't work... I transfer files and the mangle rule counter doesn't change.

I searched the net to find which ports are used and I found different port ranges everywhere...

Has anyone succeeded in doing this???

Thanks, and sorry for my poor English.

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Wed Jan 28, 2009 10:11 am
by mojiro
Try running Wireshark before sending a file, in order to capture all the packets when the transfer begins. Then find something common to all transfers that identifies them and make rules using that.

For example, using Wireshark I found out how to block the MSN advertisements. They are transferred via an XML file, so I blocked this file. I created that for version 2.9.32.

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Thu Jan 29, 2009 5:32 am
by chapex
6891 - 6900 (used for file transfer). If you detect that other ports are being used, you can be sure that alternative messengers such as Gaim, Pidgin, amsn, etc. are in use. Microsoft respects these ports for the transfer.

Greetings, rastafari :D

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Thu Jan 29, 2009 11:53 am
by kolorasta
chapex wrote:
> 6891 - 6900 (used for file transfer). If you detect that other ports are being used, you can be sure that alternative messengers such as Gaim, Pidgin, amsn, etc. are in use. Microsoft respects these ports for the transfer.
>
> Greetings, rastafari :D

Take a look at this page: http://support.microsoft.com/kb/927847
It says:
File Transfer TCP 443, 1863 TCP/UDP 1025 - 65535
Hahaha, 1025-65535, they are joking, aren't they???

I have transferred files via WLM to another WLM and I saw ports like TCP 4844.

I think the best way is to use layer7, but the string suggested on the layer7 project site doesn't work for me.

Thanks

P.S.: thanks for the rastafari greeting :wink:

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Thu Jan 29, 2009 11:33 pm
by mojiro
1863 TCP is primarily used for chat messages
443 TCP is used for the transfer of the XML file that carries the contact file (backup), extra tabs, advertisement URLs
UDP ports should be used for video and talk

I do not think that they use UDP for file transfer, it is ridiculous!

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Fri Jan 30, 2009 12:21 am
by kolorasta
mojiro wrote:
> ........
>
> I do not think that they use UDP for file transfer, it is ridiculous!

I agree with you.

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Fri Jan 30, 2009 9:50 am
by mojiro
I searched through some old work of mine on MSN, and I found that it also uses port 7001. I do not know why it does.

Also 131.107.111.0/24 and 131.107.112.0/21 are being used to send Application Usage Feedback, so block them.

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Fri Jan 30, 2009 10:20 am
by normis

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Fri Jan 30, 2009 5:40 pm
by kolorasta
Hi normis.
I'm currently using that and 0 bytes have been counted in a couple of days... strange

^(ver [ -~]*msnftp\x0d\x0aver msnftp\x0d\x0ausr|method msnmsgr:)


Do I have to put that whole string in the Regexp field??? Or without the initial "^(" and the ending ")"???

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Fri Jan 30, 2009 11:16 pm
by NetworkPro
RouterOS version? Maybe the problem is in the representation of hex values with \x0d\x0a etc.

Re: how to detect msn file transfer - layer7 doesn't work

Posted: Thu Feb 12, 2009 12:58 am
by kolorasta
NetworkPro wrote:
> RouterOS version? Maybe the problem is in the representation of hex values with \x0d\x0a etc.

I'm using RouterOS 3.20

thanks
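
An offline check of the pattern quoted in the thread, added here as an example (it is not part of any post and is not MikroTik's or the l7-filter project's code). It uses Python's `re` as an approximation of the router's matcher and assumes the matcher sees the joined first 2 KB of a connection, case-insensitively; the payloads are constructed samples, and `l7_match`, `strip_outer` and `hex_as_literal` are hypothetical helper names.

```python
import re

# Pattern exactly as quoted in the thread.
PATTERN = r"^(ver [ -~]*msnftp\x0d\x0aver msnftp\x0d\x0ausr|method msnmsgr:)"
WINDOW = 2048  # assumption: only the first 2 KB of a connection is inspected


def l7_match(pattern: str, packets: list[bytes]) -> bool:
    """Approximate an L7 matcher: join the first payloads of a connection
    (both directions), drop NUL bytes, compare case-insensitively."""
    stream = b"".join(packets).replace(b"\x00", b"")[:WINDOW]
    return re.search(pattern.encode(), stream, re.IGNORECASE) is not None


def strip_outer(pattern: str) -> str:
    """Variant asked about in the thread: drop the leading '^(' and final ')'."""
    return pattern[2:-1]


def hex_as_literal(pattern: str) -> str:
    """Hypothetical failure mode: '\\x0d' read as four literal characters."""
    return pattern.replace("\\x", "\\\\x")


# Constructed MSNFTP-style handshake: VER, VER reply, then USR.
MSNFTP = [b"VER MSNFTP\r\n", b"VER MSNFTP\r\n", b"USR alice@example.com 123456\r\n"]
# Constructed stream: the same handshake after two unrelated leading bytes.
OFFSET = [b"\x01\x02"] + MSNFTP
# Constructed opaque payload with no handshake in it.
OPAQUE = [bytes(range(0x80, 0xC0))]


def results() -> dict:
    return {
        "handshake/original": l7_match(PATTERN, MSNFTP),
        "offset/original": l7_match(PATTERN, OFFSET),
        "offset/stripped": l7_match(strip_outer(PATTERN), OFFSET),
        "handshake/hex-literal": l7_match(hex_as_literal(PATTERN), MSNFTP),
        "opaque/original": l7_match(PATTERN, OPAQUE),
    }


if __name__ == "__main__":
    for name, hit in results().items():
        print(f"{name:24} {'match' if hit else 'no match'}")
```

Replaying the payload bytes of a Wireshark capture through `l7_match` in place of the constructed samples shows whether a zero counter comes from the pattern itself or from the traffic never containing this handshake.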