Unbekanntes Gerät im WLAN

Thorsten · Oct 8, 2021

Mahlzeit,
ich betreibe eine Fritzbox an einem Glasfaser Anschluss. Bei einer routinemäßigen Überprüfung ist mir ein unbekannter Client aufgefallen:

Der Client ist im lokalen Netzwerk erreichbar:

nmap sagt erst einmal nicht - wahrscheinlich habe ich nicht die korrekten Optionen verwendet:

Code:

root@ubuntu-ssf:/home/tneckel# nmap -sV -O -v 192.168.178.21

Starting Nmap 7.60 ( https://nmap.org ) at 2021-10-08 17:12 UTC
NSE: Loaded 42 scripts for scanning.
Initiating ARP Ping Scan at 17:12
Scanning 192.168.178.21 [1 port]
Completed ARP Ping Scan at 17:12, 0.22s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:12
Completed Parallel DNS resolution of 1 host. at 17:12, 0.01s elapsed
Initiating SYN Stealth Scan at 17:12
Scanning 192.168.178.21 [1000 ports]
Discovered open port 62078/tcp on 192.168.178.21
Increasing send delay for 192.168.178.21 from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for 192.168.178.21 from 5 to 10 due to 11 out of 36 dropped probes since last increase.
Increasing send delay for 192.168.178.21 from 10 to 20 due to 11 out of 28 dropped probes since last increase.
Increasing send delay for 192.168.178.21 from 20 to 40 due to 11 out of 29 dropped probes since last increase.
Increasing send delay for 192.168.178.21 from 40 to 80 due to 11 out of 31 dropped probes since last increase.
Completed SYN Stealth Scan at 17:13, 45.52s elapsed (1000 total ports)
Initiating Service scan at 17:13
Scanning 1 service on 192.168.178.21
Completed Service scan at 17:13, 0.07s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 192.168.178.21
Retrying OS detection (try #2) against 192.168.178.21
adjust_timeouts2: packet supposedly had rtt of -189962 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -189962 microseconds.  Ignoring time.
Retrying OS detection (try #3) against 192.168.178.21
Retrying OS detection (try #4) against 192.168.178.21
Retrying OS detection (try #5) against 192.168.178.21
adjust_timeouts2: packet supposedly had rtt of -185940 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -185940 microseconds.  Ignoring time.
NSE: Script scanning 192.168.178.21.
Initiating NSE at 17:13
Completed NSE at 17:13, 0.06s elapsed
Initiating NSE at 17:13
Completed NSE at 17:13, 0.00s elapsed
Nmap scan report for 192.168.178.21
Host is up (0.0043s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE    VERSION
62078/tcp open  tcpwrapped
MAC Address: CA:1D:7B:82:67:48 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.60%E=4%D=10/8%OT=62078%CT=1%CU=31063%PV=Y%DS=1%DC=D%G=Y%M=CA1D7
OS:B%TM=61607C43%P=x86_64-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=10F%TI=Z%CI=RD%
OS:TS=20)SEQ(SP=FF%GCD=1%ISR=10A%TI=Z%CI=RD%II=RI%TS=21)OPS(O1=M5B4NW6NNT11
OS:SLL%O2=M5B4NW6NNT11SLL%O3=M5B4NW6NNT11%O4=M5B4NW6NNT11SLL%O5=M5B4NW6NNT1
OS:1SLL%O6=M5B4NNT11SLL)WIN(W1=B50%W2=AD8%W3=4E8%W4=FFFF%W5=418%W6=1FA)ECN(
OS:R=Y%DF=Y%T=40%W=0%O=M5B4NW6SLL%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD
OS:=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%D
OS:F=N%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O
OS:=%RD=0%Q=)T7(R=Y%DF=N%T=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%
OS:IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUD=G)IE(R=Y%DFI=S%T=40%CD=S)

Uptime guess: 0.000 days (since Fri Oct  8 17:13:37 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 61.38 seconds
           Raw packets sent: 1543 (78.488KB) | Rcvd: 1318 (57.126KB)

Jemand mit weiteren sachdienlichen Hinweisen hier

.

EDIT: 62078/tcp open tcpwrapped habe ich in der kürze der Zeit lediglich mit Apple in Verbindung bringen können.

Thorsten · Oct 8, 2021

So, Entwarnung:

Code:

19316    20:19:04,135308    192.168.178.21    224.0.0.251    MDNS    179    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QU" question PTR _companion-link._tcp.local, "QU" question PTR _homekit._tcp.local, "QU" question PTR _airplay._tcp.local, "QU" question PTR _raop._tcp.local, "QU" question OPT
19318    20:19:04,198714    192.168.178.21    224.0.0.251    MDNS    179    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QU" question PTR _companion-link._tcp.local, "QU" question PTR _homekit._tcp.local, "QU" question PTR _airplay._tcp.local, "QU" question PTR _raop._tcp.local, "QU" question OPT
19338    20:19:05,136124    192.168.178.21    224.0.0.251    MDNS    164    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _companion-link._tcp.local, "QM" question PTR _homekit._tcp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
19340    20:19:05,222603    192.168.178.21    224.0.0.251    MDNS    164    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _companion-link._tcp.local, "QM" question PTR _homekit._tcp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
19387    20:19:08,143455    192.168.178.21    224.0.0.251    MDNS    127    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
19389    20:19:08,192102    192.168.178.21    224.0.0.251    MDNS    127    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
19463    20:19:17,165562    192.168.178.21    224.0.0.251    MDNS    127    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
19465    20:19:17,203243    192.168.178.21    224.0.0.251    MDNS    127    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
19479    20:19:17,654404    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x045f PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
19481    20:19:17,715200    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x045f PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
19484    20:19:17,818181    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
19497    20:19:17,920931    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
19499    20:19:18,022931    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
19532    20:19:18,655613    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x045f PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
19534    20:19:18,740108    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x045f PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
19573    20:19:21,094383    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
20448    20:19:30,719882    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
20449    20:19:30,822275    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
20450    20:19:30,926795    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
20475    20:19:32,767875    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
20476    20:19:32,870228    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
20477    20:19:32,972520    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21230    20:19:42,802933    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21239    20:19:42,905229    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21240    20:19:43,007543    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21249    20:19:44,219806    192.168.178.21    224.0.0.251    MDNS    127    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
21251    20:19:44,236319    192.168.178.21    224.0.0.251    MDNS    127    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question OPT
21372    20:19:48,661234    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0460 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
21373    20:19:48,741905    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0460 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
21425    20:19:49,663600    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0460 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
21426    20:19:49,765886    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0460 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
21473    20:19:52,837988    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21474    20:19:52,940220    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21478    20:19:53,042570    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21542    20:20:02,872951    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21543    20:20:02,975311    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21544    20:20:03,077658    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21638    20:20:12,805510    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21639    20:20:12,907949    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
21640    20:20:13,010369    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
22246    20:21:05,381031    192.168.178.21    224.0.0.251    MDNS    98    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question
22251    20:21:05,438263    192.168.178.21    224.0.0.251    MDNS    98    Standard query 0x0000 PTR lb._dns-sd._udp.local, "QM" question PTR _raop._tcp.local, "QM" question
24067    20:23:55,807180    192.168.178.21    224.0.0.251    MDNS    128    Standard query 0x0000 PTR _airplay._tcp.local, "QU" question PTR _raop._tcp.local, "QU" question PTR Samsung Q6 Series (55)._airplay._tcp.local
24069    20:23:55,829217    192.168.178.21    224.0.0.251    MDNS    128    Standard query 0x0000 PTR _airplay._tcp.local, "QU" question PTR _raop._tcp.local, "QU" question PTR Samsung Q6 Series (55)._airplay._tcp.local
24075    20:23:56,812856    192.168.178.21    224.0.0.251    MDNS    128    Standard query 0x0000 PTR _airplay._tcp.local, "QM" question PTR _raop._tcp.local, "QM" question PTR Samsung Q6 Series (55)._airplay._tcp.local
24077    20:23:56,853196    192.168.178.21    224.0.0.251    MDNS    128    Standard query 0x0000 PTR _airplay._tcp.local, "QM" question PTR _raop._tcp.local, "QM" question PTR Samsung Q6 Series (55)._airplay._tcp.local
24118    20:23:59,819650    192.168.178.21    224.0.0.251    MDNS    128    Standard query 0x0000 PTR _airplay._tcp.local, "QM" question PTR _raop._tcp.local, "QM" question PTR Samsung Q6 Series (55)._airplay._tcp.local
24120    20:23:59,925220    192.168.178.21    224.0.0.251    MDNS    128    Standard query 0x0000 PTR _airplay._tcp.local, "QM" question PTR _raop._tcp.local, "QM" question PTR Samsung Q6 Series (55)._airplay._tcp.local
24358    20:24:18,462921    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0461 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
24359    20:24:18,514469    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0461 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
24360    20:24:18,561811    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24379    20:24:19,436093    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0461 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
24380    20:24:19,483238    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0461 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
24498    20:24:31,464123    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24499    20:24:31,566374    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24502    20:24:31,668645    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24518    20:24:33,511935    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24520    20:24:33,614688    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24522    20:24:33,716652    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24611    20:24:43,546998    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
24992    20:24:49,438694    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0462 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
24993    20:24:49,486335    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0462 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
25024    20:24:50,463899    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0462 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
25025    20:24:50,510395    192.168.178.21    224.0.0.251    MDNS    103    Standard query 0x0462 PTR _googlecast._tcp.local, "QM" question PTR _233637DE._sub._googlecast._tcp.local, "QM" question
25189    20:25:03,617124    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1
25196    20:25:03,719361    192.168.178.21    239.255.255.250    SSDP    167    M-SEARCH * HTTP/1.1

Und nun das Ungewöhnliche: Dieses Gerät (ein Samsung Smart TV) ist bereits länger in Betrieb. Dieses Gerät hat auch einen korrekten Hostnamen (TV--Samsung-Q6-Series--55) der entsprechend in der Fritzbox angezeigt wurde. Offenbar steht dieser zweite - (bisher) unbekannte Hostname - aber in Zusammenhang mit der App Apple TV+*. Dies ist die einzige Änderung, die vor einiger Zeit vorgenommen wurde. Dieses Phänomen ist mir allerdings heute erstmalig aufgefallen.

Gerät vom Stromnetz getrennt - Ping läuft ins Leere.

* Ja, das Gerät hat jetzt zwei unterschiedliche IP Adressen.

mfG
Thorsten

Unbekanntes Gerät im WLAN

Thorsten

SSF Facilitymanagement

Thorsten

SSF Facilitymanagement

We value your privacy