Apple TV with VLC mDNS and a pfSense firewall
Posted: 24 Aug 2024 09:24
I run a multi-vlan home with traffic routing through a pfSense firewall. I get no unexpected entries in the pfSense log when the AppleTV is running. When I open the VLC app I immediately see some interesting connection attempts that I am curious about. I am not concerned about this being a trojan/hack attempt; just trying to understand what it is attempting to accomplish. These messages come before I even attempt to connect to/configure a connection, so I suspect its probably searching for resources. The connections observed:
TCP/443 to the FreeNAS servers which have SMB/CIFS/NFS shares, although as I said none are configured in VLC yet.
TCP/80 to one of the Active Directory (and DNS) servers, but interestingly not to the other AD servers. DFS?
TCP/8080 to the Ubiquiti Unfi Network Controller
TCP/80 to my Brother laser printer
I would bet it's also connecting to a bunch of other thing on its own VLAN, which is dedicated to media streaming resources; however, those don't pass through the firewall.
I suspect it is walking the AVAHI/mDNS records. Out of curiosity, what is it expecting to find on TCP ports 443, 80, and 8080 for each of those devices?
TCP/443 to the FreeNAS servers which have SMB/CIFS/NFS shares, although as I said none are configured in VLC yet.
TCP/80 to one of the Active Directory (and DNS) servers, but interestingly not to the other AD servers. DFS?
TCP/8080 to the Ubiquiti Unfi Network Controller
TCP/80 to my Brother laser printer
I would bet it's also connecting to a bunch of other thing on its own VLAN, which is dedicated to media streaming resources; however, those don't pass through the firewall.
I suspect it is walking the AVAHI/mDNS records. Out of curiosity, what is it expecting to find on TCP ports 443, 80, and 8080 for each of those devices?