Question about my TV talking to my computer?

So I am an Information Security graduate not currently active in the field (graduated in 2012 and left the field in 2014). I'm always researching my network to keep my interest going. Anyways, my knowledge of Wireshark isn't up to par, but I know enough to be dangerous. I have wiped my computer several times, as well as devices in my house, because I believe someone is messing around in my network. So I have a Vizio TV that has been sending interesting traffic to the main computer I use, and I hope posting here will give me some answers. I believe the hacker is operating off of 'containers' or my Linux partition on my computer, because I see my NVIDIA software using containers as well as finding some in my Linux partition when I log in. We will start with the basics and go from there. I have blocked my TV on my software firewall for my computer. Please tell me what exactly is going on here. Any information/feedback/brainstorming is greatly appreciated. I just want my network safe again. This is a UDP stream from the TV (192.168.1.188) trying to communicate with my main computer.

HTTP/1.1 200 OK
LOCATION: http://192.168.1.188:56790/dd.xml
CACHE-CONTROL: max-age=1800
EXT:
BOOTID.UPNP.ORG: 1
SERVER: Linux/2.6 UPnP/1.1 quick_ssdp/1.1
ST: urn:dial-multiscreen-org:service:dial:1
USN: uuid:8bf7c893-d2a6-9389-0b5b-f92ac169e3f3::urn:dial-multiscreen-org:service:dial:1
WAKEUP: MAC=0C:8B:7D:3A:8C:E6;Timeout=30

HTTP/1.1 200 OK
LOCATION: http://192.168.1.188:56790/dd.xml
CACHE-CONTROL: max-age=1800
EXT:
BOOTID.UPNP.ORG: 1
SERVER: Linux/2.6 UPnP/1.1 quick_ssdp/1.1
ST: urn:dial-multiscreen-org:service:dial:1
USN: uuid:8bf7c893-d2a6-9389-0b5b-f92ac169e3f3::urn:dial-multiscreen-org:service:dial:1
WAKEUP: MAC=0C:8B:7D:3A:8C:E6;Timeout=30

HTTP/1.1 200 OK
LOCATION: http://192.168.1.188:56790/dd.xml
CACHE-CONTROL: max-age=1800
EXT:
BOOTID.UPNP.ORG: 1
SERVER: Linux/2.6 UPnP/1.1 quick_ssdp/1.1
ST: urn:dial-multiscreen-org:service:dial:1
USN: uuid:8bf7c893-d2a6-9389-0b5b-f92ac169e3f3::urn:dial-multiscreen-org:service:dial:1
WAKEUP: MAC=0C:8B:7D:3A:8C:E6;Timeout=30

EDIT: I did an nmap scan on my Vizio TV and it has the following ports open:

TCP - 7000 - afs3-fileserver
TCP - 8007 - http
TCP - 8009 - ajp13
TCP - 8443 - https-alt
TCP - 9080 - glrpc

all syn-ack

Let me know if you need any more info on the packets I have captured.

Thanks a ton everyone!
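
An added example, not part of the original post: a small Python parser for the UDP payload quoted above, which is an SSDP message (HTTP-style headers over UDP) whose `200 OK` start line marks it as a reply to an M-SEARCH discovery query, and whose `ST` value is the DIAL service type. The function names `parse_ssdp` and `summarize` and the `sender_ip` consistency check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Response text copied from the capture quoted in the post above.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "LOCATION: http://192.168.1.188:56790/dd.xml\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "EXT:\r\n"
    "BOOTID.UPNP.ORG: 1\r\n"
    "SERVER: Linux/2.6 UPnP/1.1 quick_ssdp/1.1\r\n"
    "ST: urn:dial-multiscreen-org:service:dial:1\r\n"
    "USN: uuid:8bf7c893-d2a6-9389-0b5b-f92ac169e3f3::urn:dial-multiscreen-org:service:dial:1\r\n"
    "WAKEUP: MAC=0C:8B:7D:3A:8C:E6;Timeout=30\r\n\r\n"
)

def parse_ssdp(payload):
    """Split an SSDP (HTTP-over-UDP) message into its start line and headers."""
    lines = payload.replace("\r\n", "\n").split("\n")
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that carry no colon
            headers[name.strip().upper()] = value.strip()
    return lines[0].strip(), headers

def summarize(payload, sender_ip):
    """Report what the message advertises and whether it is self-consistent."""
    start, h = parse_ssdp(payload)
    loc = urlsplit(h.get("LOCATION", ""))
    target = h.get("ST") or h.get("NT") or ""  # replies use ST, NOTIFY uses NT
    wake = dict(kv.split("=", 1) for kv in h.get("WAKEUP", "").split(";") if "=" in kv)
    return {
        # "200 OK" answers an M-SEARCH; NOTIFY is an unsolicited announcement
        "kind": "search-response" if start.startswith("HTTP/1.1 200") else start.split(" ")[0],
        "service": target,
        "is_dial": "dial-multiscreen-org" in target,
        "location_port": loc.port,
        "location_matches_sender": loc.hostname == sender_ip,
        "wakeup_mac": wake.get("MAC"),
        "wakeup_timeout": wake.get("Timeout"),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, "192.168.1.188").items():
        print(f"{key}: {value}")
```

Filtering the same capture for `M-SEARCH` requests sent to UDP port 1900 shows which host issued the query that these replies answer.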