I have an issue where if I'm trying to create a ssh connection to a specific host, the connection hangs without timing out. I have tried connecting to this host from the same machine from outside the rails console and it works so I'm assuming this shouldn't be anything related to routing/firewall. I can also confirm I have several other hosts with the exact same OS configuration in different places and they work.
This is the log when running Net::SSH.start in debug mode:
ssh = Net::SSH.start("1.2.3.4", "user", password: "password", verbose: :debug)
2014-02-27 13:17:43 +0100 [DEBUG] establishing connection to 1.2.3.4:22
2014-02-27 13:17:43 +0100 [DEBUG] connection established
2014-02-27 13:17:43 +0100 [INFO] negotiating protocol version
2014-02-27 13:17:43 +0100 [DEBUG] remote is `SSH-2.0-OpenSSH_4.3'
2014-02-27 13:17:43 +0100 [DEBUG] local is `SSH-2.0-Ruby/Net::SSH_2.6.8 i686-linux'
2014-02-27 13:17:43 +0100 [DEBUG] read 704 bytes
2014-02-27 13:17:43 +0100 [DEBUG] received packet nr 0 type 20 len 700
2014-02-27 13:17:43 +0100 [INFO] got KEXINIT from server
2014-02-27 13:17:43 +0100 [INFO] sending KEXINIT
2014-02-27 13:17:43 +0100 [DEBUG] queueing packet nr 0 type 20 len 1620
2014-02-27 13:17:43 +0100 [DEBUG] sent 1624 bytes
2014-02-27 13:17:43 +0100 [INFO] negotiating algorithms
2014-02-27 13:17:43 +0100 [DEBUG] negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client:
* language_server:
2014-02-27 13:17:43 +0100 [DEBUG] exchanging keys
2014-02-27 13:17:43 +0100 [DEBUG] queueing packet nr 1 type 34 len 20
2014-02-27 13:17:43 +0100 [DEBUG] sent 24 bytes
At this point the ssh connection just hangs and could stay like this for 15-30 minutes.
Unfortunately I have no error message or anything so I'm really clueless about what the problem might be.
Some specs:
ruby-2.0.0-p0
rails (3.2.13)
net-ssh-2.8.0
The IP address in the log is not a real IP on purpose.
Any suggestion about what the problem could be? Or maybe some other log or place I could check out? I found a similar problem outside SO but it didn't get a solution so I'm trying to ask here...
I solved by reducing maximum transmission unit (MTU). My environment was some specific case. I was trying ssh from VMware Virtual Machine to Openstack Instance. And openstack needed smaller packet to be connected by kitchen-openstack which is using fog, using NET::SSH. Not sure if this works for you, but have a try for these commands (assuming in Ubuntu):
check your MTU
sudo netstat -i
You'll get some output like this, in the second column, you can check MTU:
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 9658 0 0 0 308 0 0 0 BMRU
lo 16436 0 12952 0 0 0 12952 0 0 0 LRU
For network interface eth0, you can try to reduce MTU from 1500 to, for example 1400 like this:
sudo ifconfig eth0 mtu 1400
try net ssh
ssh = Net::SSH.start("1.2.3.4", "user", password: "password", verbose: :debug)
Related
I have a Linux box on Ubuntu 18.04.3 and have a working fail2ban configuration (like on all my hosts).
In this case I setup a docker-container which acts as a sftp-server for several users - the docker-container has a running rsyslogd and writes login events to /var/log/auth.log - /var/log is mounted to the host-system to /myapp/log/sftp.
So I created a second sshd-jail with this config snippet in jail.local
[myapp-sftp]
filter=sshd
enabled = true
findtime = 1200
maxretry = 2
mode = aggressive
backend = polling
logpath=/myapp/log/sftp/auth.log
The logfile /myapp/log/sftp/auth.log is absolutely there and filled with a lot of failed login tries - from myself and others.
But the jail never gets triggered with a found log entry in fail2ban.log.
I already reset the fail2ban database ... and have no clue what might be wrong.
I tried backend = polling and the default pyinotify.
Checking with fail2ban-regex says that it matches..
# fail2ban-regex /myapp/log/sftp/auth.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use failregex filter file : sshd, basedir: /etc/fail2ban
Use maxlines : 1
Use datepattern : Default Detectors
Use log file : /myapp/log/sftp/auth.log
Use encoding : UTF-8
Results
=======
Failregex: 268 total
|- #) [# of hits] regular expression
| 3) [64] ^Failed \S+ for invalid user <F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
| 4) [29] ^Failed \b(?!publickey)\S+ for (?P<cond_inv>invalid user )?<F-USER>(?P<cond_user>\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)</F-USER> from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
| 6) [64] ^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?\s*$
| 21) [111] ^<F-NOFAIL>Connection from</F-NOFAIL> <HOST>
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [642] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-
Lines: 642 lines, 0 ignored, 268 matched, 374 missed
[processed in 0.13 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 374 lines
and
# fail2ban-client status myapp-sftp
Status for the jail: myapp-sftp
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /myapp/log/sftp/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
# cat /var/log/fail2ban.log | grep myapp
2019-08-21 10:35:33,647 fail2ban.jail [649]: INFO Creating new jail 'wippex-sftp'
2019-08-21 10:35:33,647 fail2ban.jail [649]: INFO Jail 'myapp-sftp' uses pyinotify {}
2019-08-21 10:35:33,664 fail2ban.server [649]: INFO Jail myapp-sftp is not a JournalFilter instance
2019-08-21 10:35:33,665 fail2ban.filter [649]: INFO Added logfile: '/wippex/log/sftp.log' (pos = 0, hash = 287d8cc2e307c5f427aa87c4c649ced889d6bf6a)
2019-08-21 10:35:33,689 fail2ban.jail [649]: INFO Jail 'myapp-sftp' started
I really never get an expected found entry... nor a ban.
Any ideas are welcome.
# fail2ban-server -V
Fail2Ban v0.10.2
Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors.
log sample from /myapp/log/sftp/auth.log
Aug 21 14:03:13 a9ede63166d9 sshd[202]: Failed password for invalid user mapp from 95.85.16.178 port 41766 ssh2
Aug 21 14:03:13 a9ede63166d9 sshd[202]: Received disconnect from 95.85.16.178 port 41766:11: Normal Shutdown, Thank you for playing [preauth]
Aug 21 14:03:13 a9ede63166d9 sshd[202]: Disconnected from 95.85.16.178 port 41766 [preauth]
Aug 21 14:03:49 a9ede63166d9 sshd[204]: Connection from 95.85.16.178 port 34722 on 172.17.0.3 port 22
Aug 21 14:03:49 a9ede63166d9 sshd[204]: Invalid user mapp from 95.85.16.178 port 34722
Aug 21 14:03:49 a9ede63166d9 sshd[204]: input_userauth_request: invalid user mapp [preauth]
Aug 21 14:03:49 a9ede63166d9 sshd[204]: error: Could not get shadow information for NOUSER
Aug 21 14:03:49 a9ede63166d9 sshd[204]: Failed password for invalid user mapp from 95.85.16.178 port 34722 ssh2
Aug 21 14:03:49 a9ede63166d9 sshd[204]: Received disconnect from 95.85.16.178 port 34722:11: Normal Shutdown, Thank you for playing [preauth]
Aug 21 14:03:49 a9ede63166d9 sshd[204]: Disconnected from 95.85.16.178 port 34722 [preauth]
Problem is "solved". The docker container simply used a different timezone than the host and the logfile timestamps didnt contain the timezone.
So fail2ban assumed the timestamps were written in the same timezone as it´s running environment (on host) and didn´t interprete "old" log entries (2 hr. diff).
See https://github.com/fail2ban/fail2ban/issues/2486
I simply set the host timezone to UTC now - but will try now to set rsyncd to use a timezoned dateformat
ERORR:
Feb 14 14:09:04 es1 postfix/smtp[16443]: connect to mx3.hotmail.com[65.54.188.94]:25: Connection timed out
Feb 14 14:09:34 es1 postfix/smtp[16443]: connect to mx1.hotmail.com[104.44.194.231]:25: Connection timed out
Feb 14 14:10:04 es1 postfix/smtp[16443]: connect to mx1.hotmail.com[207.46.8.167]:25: Connection timed out
Feb 14 14:10:34 es1 postfix/smtp[16443]: connect to mx2.hotmail.com[65.55.37.104]:25: Connection timed out
Feb 14 14:11:04 es1 postfix/smtp[16443]: connect to mx1.hotmail.com[65.55.92.136]:25: Connection timed out
Feb 14 14:11:04 es1 postfix/smtp[16443]: 228D519C06D: to=<xxxx#hotmail.com>, relay=none, delay=395818, delays=395668/0.01/150/0, dsn=4.4.1, status=deferred (connect to mx1.hotmail.com[65.55.92.136]:25: Connection timed out)
I've host Mail Server on CentOS 6 with Postfix/Dovecot, I can receive mail from outside, but can't not sending mail to outside.
Things I've done:
Add spf record to dns, also validate successfully from http://www.kitterman.com/spf/validate.html?
v=spf1 ip4:x.x.x.x -all
Note:
I've change the default port 25 to 26 due to ISP block issue by adding etc/postfix/master.cf
26 inet n - n - - smtpd
Your ISP is probably blocking outbound port 25. Its very common. Your SPF record and inbound SMTP port makes no difference. I suggest you contact your ISP.
I hosted my Rails application last week. Today I was going through our log file and noticed lots of request like this.
I, [2016-03-14T00:42:18.501703 #21223] INFO -- : Started GET "/testproxy.php" for 185.49.14.190 at 2016-03-14 00:42:18 -0400
F, [2016-03-14T00:42:18.510616 #21223] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/testproxy.php"):
Someone is trying to go to testproxy.php from different ip address. Some ip are from poland and others from hongkong. Am I getting attacked by someone. What are my options to protect myself.
Here are other outputs from log file:
I, [2016-03-14T03:09:24.945467 #15399] INFO -- : Started GET "/clientaccesspolicy.xml" for 107.22.223.242 at 2016-03-14 03:09:24 -0400
F, [2016-03-14T03:09:24.949328 #15399] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/clientaccesspolicy.xml"):
Different ip address:
I, [2016-03-14T16:03:47.793731 #15399] INFO -- : Started GET "/testproxy.php" for 178.216.200.48 at 2016-03-14 16:03:47 -0400
F, [2016-03-14T16:03:47.818519 #15399] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/testproxy.php"):
search.php
I, [2016-03-14T19:41:14.261843 #15399] INFO -- : Started GET "/forum/search.php" for 164.132.161.67 at 2016-03-14 19:41:14 -0400
F, [2016-03-14T19:41:14.266563 #15399] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/forum/search.php"):
forum/index.php
I, [2016-03-15T10:54:55.254785 #26469] INFO -- : Started GET "/forum/index.php" for 164.132.161.56 at 2016-03-15 10:54:55 -0400
F, [2016-03-15T10:54:55.266456 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/forum/index.php"):
phpmyadim/scripts/setup.php
I, [2016-03-15T13:21:36.862918 #26469] INFO -- : Started GET "/phpMyAdmin/scripts/setup.php" for 103.25.73.234 at 2016-03-15 13:21:36 -0400
F, [2016-03-15T13:21:36.867050 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/phpMyAdmin/scripts/setup.php"):
another setup.php
I, [2016-03-15T13:21:37.452097 #26469] INFO -- : Started GET "/pma/scripts/setup.php" for 103.25.73.234 at 2016-03-15 13:21:37 -0400
F, [2016-03-15T13:21:37.453647 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.php"):
myadmin/scripts/setup.php
I, [2016-03-15T13:21:38.034283 #26469] INFO -- : Started GET "/myadmin/scripts/setup.php" for 103.25.73.234 at 2016-03-15 13:21:38 -0400
F, [2016-03-15T13:21:38.041563 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/myadmin/scripts/setup.php"):
and lots of other stuff. Please tell me how can I protect myself from those attacks.
This is commonplace when you are running a public server. Here is an excerpt of my home server's auth.log:
Mar 14 19:22:36 hotdog sshd[65937]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:37 hotdog sshd[65939]: Invalid user ubnt from 181.214.92.11
Mar 14 19:22:37 hotdog sshd[65939]: input_userauth_request: invalid user ubnt [preauth]
Mar 14 19:22:37 hotdog sshd[65939]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:38 hotdog sshd[65941]: Invalid user support from 181.214.92.11
Mar 14 19:22:38 hotdog sshd[65941]: input_userauth_request: invalid user support [preauth]
Mar 14 19:22:38 hotdog sshd[65941]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:39 hotdog sshd[65943]: Invalid user oracle from 181.214.92.11
Mar 14 19:22:39 hotdog sshd[65943]: input_userauth_request: invalid user oracle [preauth]
Mar 14 19:22:39 hotdog sshd[65943]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:40 hotdog sshd[65945]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:24:04 hotdog sshd[65947]: fatal: Read from socket failed: Operation timed out [preauth]
Mar 14 20:01:19 hotdog sshd[66032]: Received disconnect from 183.3.202.102: 11: [preauth]
Mar 14 20:40:17 hotdog sshd[66092]: Invalid user cacti from 199.217.117.71
Mar 14 20:40:17 hotdog sshd[66092]: input_userauth_request: invalid user cacti [preauth]
Mar 14 20:40:17 hotdog sshd[66092]: Connection closed by 199.217.117.71 [preauth]
Mar 14 21:32:09 hotdog sshd[66188]: Received disconnect from 183.3.202.102: 11: [preauth]
Mar 14 22:01:59 hotdog sshd[66256]: Invalid user user1 from 199.217.117.71
Mar 14 22:01:59 hotdog sshd[66256]: input_userauth_request: invalid user user1 [preauth]
Mar 14 22:02:00 hotdog sshd[66256]: Connection closed by 199.217.117.71 [preauth]
Mar 14 22:17:57 hotdog sshd[66280]: Did not receive identification string from 14.182.117.161
As you can see people are constantly trying to break into my server, by guessing a username. Since the server only accepts publickey login, not password, I believe myself to be fairly secure from these particular attacks.
The same applies to your PHP files. They are trying to find a php endpoint which they can run some canned exploit on. You can use tools like fail2ban which help with rate-limiting. But really these attacks will always be present on a public server. The only way is to ensure your software can resist attacks.
Some general common-sense tips:
Don't run more services than you need, as any one service could open your server to attack. Check which ports you have open with nmap.
Check that your apache/nginx config doesn't allow execute of more (PHP) files than necessary.
Update your software continuously. Most of these attacks are automated and thus rely on published exploits in common packages.
I have the IP address 183.3.202.102 and some others from the same subnet quite frequently appear in the log of one of my honeypots.
It suddenly stopped though. I guess someone finally submitted an abuse report and had them banned.
PC can be very good to achieve the video upload and download, but there are two problems in the use of IOS devices:
1、In the IOS7.0 devices can not upload the video, the following is log:
[DEBUG] Did open connection on socket 17
[DEBUG] Did connect
[DEBUG] Did start background task
[DEBUG] Connection received 528 bytes on socket 17
[DEBUG] Connection received 234 bytes on socket 17
[DEBUG] Connection received 46 bytes on socket 17
[DEBUG] Connection on socket 17 preflighting request "POST /upload" with 808 bytes body
[DEBUG] Connection on socket 17 processing request "POST /upload" with 808 bytes body
2015-12-14 10:58:34.523 GCDWebServer[1701:403846] [UPLOAD] /var/mobile/Containers/Data/Application/5F45B407-9DA8-43D1-AADF-07CF22B1C4B2/Documents/IMG_9675.mp4
[DEBUG] Connection sent 175 bytes on socket 17
[DEBUG] Connection sent 2 bytes on socket 17
[DEBUG] Did close connection on socket 17
[VERBOSE] [my localhost:80] iPad2(7.0) client:50692 200 "POST /upload" (808 | 177)
[DEBUG] Did open connection on socket 17
2015-12-14 10:58:34.577 GCDWebServer[1701:403846] album’s name == GCDWebServer
[DEBUG] Connection received 400 bytes on socket 17
[DEBUG] Connection on socket 17 preflighting request "GET /list" with 400 bytes body
[DEBUG] Connection on socket 17 processing request "GET /list" with 400 bytes body
[DEBUG] Connection sent 177 bytes on socket 17
[DEBUG] Connection sent 213 bytes on socket 17
[DEBUG] Did close connection on socket 17
[VERBOSE] [my localhost:80] iPad2(7.0) client's IP:50693 200 "GET /list" (400 | 390)
[DEBUG] Did open connection on socket 17
[DEBUG] Connection received 453 bytes on socket 17
[DEBUG] Connection on socket 17 preflighting request "GET /download" with 453 bytes body
[DEBUG] Connection on socket 17 processing request "GET /download" with 453 bytes body
[DEBUG] Connection sent 182 bytes on socket 17
[DEBUG] Did close connection on socket 17
[VERBOSE] [my localhost:80] iPad2(7.0) client's IP:50694 304 "GET /download" (453 | 182)
[DEBUG] Did disconnect
[DEBUG] Did end background task
2、In the IPAD device can not download the video, the following is log:
[DEBUG] Did open connection on socket 17
[DEBUG] Did connect
[DEBUG] Did start background task
[DEBUG] Connection received 427 bytes on socket 17
[DEBUG] Connection on socket 17 preflighting request "GET /download" with 427 bytes body
[DEBUG] Connection on socket 17 processing request "GET /download" with 427 bytes body
[DEBUG] Connection sent 398 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[ERROR] Error while writing to socket 17: Broken pipe (32)
[DEBUG] Did close connection on socket 17
[VERBOSE] [my localhost:80] iPad2(7.0) client's IP:50690 200 "GET /download" (427 | 197006)
[DEBUG] Did open connection on socket 17
[DEBUG] Connection received 346 bytes on socket 17
[DEBUG] Connection on socket 17 preflighting request "GET /download" with 346 bytes body
[DEBUG] Connection on socket 17 processing request "GET /download" with 346 bytes body
[DEBUG] Connection sent 398 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[DEBUG] Connection sent 32768 bytes on socket 17
[ERROR] Error while writing to socket 17: Broken pipe (32)
[DEBUG] Did close connection on socket 17
[VERBOSE] [my localhost:80] iPad2(7.0) client's IP:50691 200 "GET /download" (346 | 131470)
[DEBUG] Did disconnect
[DEBUG] Did end background task
Do you know why? Thank you very much!
Sorry for my ignorance.
I am trying to play a MP4 video on a LG TV using the Connect SDK 1.4.1. We have a working implementation with Chromecast and Apple TV.
When first starting our app, we are able to successfully connect to the LG TV. When trying to play one of our own videos the first time, we receive no response from the Connect SDK, nor do we see the video play on the TV. In the console output, it appears that the TV disconnects from the app. The console output can be seen in the Console Output below.
However, we are able to successfully play the Sintel video provided in your demo. After playing that video, any future attempt to play a video from my app results in the Sintel video being played instead.
I used Charles to redirect the path to the Sintel video, to a video used in my app, and found that the video played fine. This appears to be a communication issue between the App and the TV causing this unintended behavior.
Am I doing something wrong that is specific to the LG platform? Is there any additional information I can provide to solve this problem?
Thank you!
Specs:
ConnectSDK 1.4.1 (installed using Cocoa Pods)
Platform: iOS 8.1.2 (12B440)
LG TV Model #: 47LA6200 (January 2014)
Stream Format: MP4; H.264#1280x720; AAC 44100 Hz Stereo
Console Output.
[DEBUG] Did open connection on socket 27
[DEBUG] Did connect
[DEBUG] Did start background task
[DEBUG] Did open connection on socket 29
[DEBUG] Connection received 909 bytes on socket 29
[DEBUG] Connection received 350 bytes on socket 27
[DEBUG] Connection on socket 29 preflighting request "NOTIFY /RenderingControl/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" with 909 bytes body
[DEBUG] Connection on socket 29 processing request "NOTIFY /RenderingControl/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" with 909 bytes body
[DEBUG] Connection received 2379 bytes on socket 27
[DEBUG] Connection on socket 27 preflighting request "NOTIFY /ConnectionManager/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" with 2729 bytes body
[DEBUG] Connection on socket 27 processing request "NOTIFY /ConnectionManager/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" with 2729 bytes body
[DEBUG] Did open connection on socket 32
[DEBUG] Connection sent 122 bytes on socket 29
[DEBUG] Did close connection on socket 29
[VERBOSE] [192.168.1.121:49291] 192.168.1.144:38356 200 "NOTIFY /RenderingControl/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" (909 | 122)
[DEBUG] Connection received 1724 bytes on socket 32
[DEBUG] Connection on socket 32 preflighting request "NOTIFY /AVTransport/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" with 1724 bytes body
[DEBUG] Connection on socket 32 processing request "NOTIFY /AVTransport/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" with 1724 bytes body
[DEBUG] Connection sent 122 bytes on socket 27
[DEBUG] Did close connection on socket 27
[VERBOSE] [192.168.1.121:49291] 192.168.1.144:38355 200 "NOTIFY /ConnectionManager/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" (2729 | 122)
[DEBUG] Connection sent 122 bytes on socket 32
[DEBUG] Did close connection on socket 32
[VERBOSE] [192.168.1.121:49291] 192.168.1.144:38357 200 "NOTIFY /AVTransport/45d7f4f5-ebfc-4d0b-f5bd-79e51d2b2006/event.xml" (1724 | 122)
2015-01-13 16:47:32.843 Connect-Demo[1853:1424495] TeamStreamConnectVideo downloaded manifest...
[DEBUG] Did disconnect
[DEBUG] Did end background task