Hello,
I was trying to stream content from N95 to a philips SLM 5500 device.
I did a port scan of the N95 (using nmap) , and it came up with some interesteing results.
c:\programs\nmap --open 192_168_1_6 -p 1900
Starting Nmap 4.20 < url for insecure_org> at 2007-05-02 11:28 Pacific Daylight Time
The 1 scanned port on 192_168_1_6 is closed
MAC Address: 00:ab:cd:ef:gh:ij <Nokia Danmark A/S>
NMap finished: 1 IP address <1 host up> scanned in 13.550 seconds.
c:\programs\nmap --open 192_168_1_6 -sV
Starting Nmap 4.20 < url for insecure_org> at 2007-05-02 11:28 Pacific Daylight Time
All 1697 scanned ports on 192_168_1_6 are closed
MAC Address: 00:ab:cd:ef:gh:ij <Nokia Danmark A/S>
Service detection performed. Please report any incorrect results at [insecure_org_nmap_submit] .
NMap finished: 1 IP address <1_host_up> scanned in 20.019 seconds.
since port 1900 is used for service discovery of UPnP and it is closed, how is the N95 recognised as a UPnP device?
I think you need to have the crappy Nokia Home server running that comes on a CD in the box. Nokia's implementation of uPnP is shocking, i think it requires the Nokia software running on a PC to mediate. I'm probably wrong.
For what it's worth, I think instead of "Universal Plug And Play" it should have been called "Nokia's Crappy Proprietary Plug And Pray".
You have to turn on UPnP in the Home Network application before it will work.
UPnP only uses UDP on port 1900 because a UPnP session starts with a broadcast which TCP doesn't support. Since you're doing a TCP scan in nmap it won't show up the open port.
Once the device has done a broadcast it then uses TCP over port 5000.
thanks for the reply,
upnp is turned on on all the home network applications.
upnp uses UDP not TCP on port 1900?
the nokia n95 does not mention tcp port 5000 it mentions port 1900 and three other ports, you think it has missed out a port.
doesn't nmap scan support udp scans?
It sounds like Nokia aren't sticking to the protocol if it mentions other ports then. UPnP definitely uses UDP on port 1900 for the initial broadcast then goes to TCP on 5000 for UPnP events. It's the only way it could work as the device needs to send a discovery packet which will only work with UDP.
Nmap supports UDP scanning, try -u or something like that, have a search for a list of switches.
thanks for the reply
i will find the switch for udp scanning, i think it is -sU.
i guess the generic nmap --open -p 1-65535 just searches for open tcp ports, correct?
does upnp mandate the use of port5000 for upnp? i guess it would be opened once communicatio nhas been established using udp1900?
nmap --open -p 1-65535 will just do a TCP scan
I don't even bother with the --open switch, just "nmap IP", sometimes nmap -P0 to not ping when the hosts don't return ICMP and sometimes nmap -O for OS detection.
Search for the RFC to UPnP it'll tell you all about the protocol.
thanks for the reply,
so i will be doing something like nmap 192.168.1.4 -uS -p0 1-65535
will search for the RFC to UPnP
To be honest I wouldn't even bother with the 1-65535
just try "nmap -sU 192.168.1.4" which will scan all ports anyway