cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
9811
Views
0
Helpful
14
Replies
Osirison
Beginner

AppleTV bonjour discovery

I have seen many threads on the internet about AppleTV and bonjour trouble in networks, especialy enterprise networks.

None of them really helped me or solved my problem.

My network is a simple medium scale home network contaning only managed switches in L2 mode and one IP range 192.168.1.x

Cisco cable modem EPC3212 > Cisco ISA570 running the DHCP server > Cisco SG300 switch in L2 mode > Apple Airport extreme bridged accesspoint mode

Also connected on the SG300 switch are 3 other SG300 switches all of them in L2

When I connect the AppleTV via ethernet to one of the SG300 switches then after about 5 minutes the AppleTV dissappears from the bonjour broadcast

I check this using bonjour browser on the Macbookpro connected wireless via the Apple Airport or wired via thunderbolt>ethernet to one of the SG300 switches.

Also the iPad and iPhone do not see the AppleTV these devices are also connected to the Apple Airport.

When I disable and enable the Airplay function on the AppleTV its seen again for about 5 minutes on all devices and it can play video again.

Strangely the B&W Zeppelin which is also an Airplay device connected via ethernet is always found, I have never seen it dissappear.

As soon I connect the AppleTV wirelessly to the Apple Airport the problem is solved.

Remember there is only one IP range i have not setup any other VLANs, Bonjour discovery is enabled in the ISA and all SG300 switches, storm control is disabled in all switches.

I have tried using the switches in L3 but its known not to work at all since TTL of the bonjour devices are 1 and will not pass through.

Can anyone explain how this can not work when connected via ethernet in the same network/iprange?

14 REPLIES 14
mfurnival
Enthusiast

Paul,

My first instinct would be to configure port mirroring and have a look at what is happening with Wireshark when it stops working.

This document gives some information:

http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

There is also a section in there about the Bonjour service on the management VLAN itself and you can disable it - don't know if this could be causing a conflict?

I have captured the situation using Wireshark since I have only basic knowledge about networking its kind of hard to figure out what is causing the problem.

Here is the capture file, I would be happy to get some help on this.

http://datastore.paulsteenbergen.net/temp/capture_appletv

Apple TV is at 192.168.1.20

Apple Airport 192.168.1.6

-Captured via macbook en2 192.168.1.16

macbook wifi en0 192.168.1.26

Zeppelin airplay 192.168.1.82

The Draytek device is for 2.6GHz wifi

Paul,

Can you explain what you did when you were capturing? Was this an instance of the service freezing up and you rebooting the Apple TV and it then being restored?

I can see MDNS advertisements from the Apple TV all through the capture.

By the way - what is 192.168.1.5 - it has a Draytek MAC address?

Hi mfurnival,

When I started the capture AppleTV was being reconized.

After about 5 minutes I found out the AppleTV was not showing up anymore in the bonjour browser.

Then I switched Airplay off and back on in the AppleTV options menu.

I saw the AppleTV again in the bonjour browser and about 10/20 seconds later I stopped the capture.

192.168.1.5 is a Draytek 2920 router now being used only as 2.6GHz accesspoint, so DHCP/NAT etc etc is off.

Paul,

When the Apple TV goes offline in the Bonjour Browser are you still able to ping it on on the 192.168.1.20 IP address?

I would also be interested to know if you do a port scan on UDP port 5353 on the Apple TV before / during / after the event what do you see? You can get a free port scanner called NMAP for OSX.

I kept the ping running and even when the device is not been seen anymore in the bonjour browser it also timed out on pings

64 bytes from 192.168.1.20: icmp_seq=1057 ttl=64 time=2.146 ms

64 bytes from 192.168.1.20: icmp_seq=1058 ttl=64 time=3.114 ms

Request timeout for icmp_seq 1059

Request timeout for icmp_seq 1060

Request timeout for icmp_seq 1061

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 5ca8   0 0000  40  01 9a8c 192.168.1.16  192.168.1.20

Request timeout for icmp_seq 1062

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 1cb4   0 0000  40  01 da80 192.168.1.16  192.168.1.20

Request timeout for icmp_seq 1063

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 44c5   0 0000  40  01 b26f 192.168.1.16  192.168.1.20

Strangely after some time it comes back!

But it does not show up in the bonjour browser again.

64 bytes from 192.168.1.20: icmp_seq=1138 ttl=64 time=10.379 ms

64 bytes from 192.168.1.20: icmp_seq=1139 ttl=64 time=1.623 ms

Output of NMAP when AppleTV was being discovered

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-30 18:00 CEST

NSE: Loaded 106 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 18:00

Scanning 192.168.1.20 [1 port]

Completed ARP Ping Scan at 18:00, 0.01s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 18:00

Completed Parallel DNS resolution of 1 host. at 18:00, 6.51s elapsed

Initiating SYN Stealth Scan at 18:00

Scanning 192.168.1.20 [1000 ports]

Increasing send delay for 192.168.1.20 from 0 to 5 due to 34 out of 84 dropped probes since last increase.

Discovered open port 62078/tcp on 192.168.1.20

Discovered open port 7000/tcp on 192.168.1.20

Increasing send delay for 192.168.1.20 from 5 to 10 due to max_successful_tryno increase to 5

Discovered open port 7100/tcp on 192.168.1.20

Warning: 192.168.1.20 giving up on port because retransmission cap hit (6).

Discovered open port 5000/tcp on 192.168.1.20

Discovered open port 3689/tcp on 192.168.1.20

Completed SYN Stealth Scan at 18:00, 26.82s elapsed (1000 total ports)

Initiating UDP Scan at 18:00

Scanning 192.168.1.20 [1000 ports]

Discovered open port 5353/udp on 192.168.1.20

Increasing send delay for 192.168.1.20 from 0 to 50 due to 35 out of 87 dropped probes since last increase.

Completed UDP Scan at 18:01, 52.99s elapsed (1000 total ports)

Initiating Service scan at 18:01

Scanning 6 services on 192.168.1.20

Completed Service scan at 18:01, 21.06s elapsed (6 services on 1 host)

Initiating OS detection (try #1) against 192.168.1.20

NSE: Script scanning 192.168.1.20.

Initiating NSE at 18:01

Completed NSE at 18:02, 8.30s elapsed

Nmap scan report for 192.168.1.20

Host is up (0.0044s latency).

Not shown: 1964 closed ports, 30 filtered ports

PORT      STATE SERVICE    VERSION

3689/tcp  open  daap       Apple iTunes DAAP 11.0.1d1

5000/tcp  open  rtsp       Apple AirTunes rtspd 160.10 (Apple TV)

| rtsp-methods:

|_  ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET

7000/tcp  open  http       Apple AirPlay httpd

|_http-title: Site doesn't have a title.

7100/tcp  open  http       Apple AirPlay httpd

|_http-methods: No Allow or Public header in OPTIONS response (status code 400)

62078/tcp open  tcpwrapped

5353/udp  open  mdns       DNS-based service discovery

| dns-service-discovery:

|   3689/tcp touch-able

|     txtvers=1

|     RmSV=65536

|     DbId=6BBD97D4AD81E7E8

|     CtlN=Apple\xC2\xA0TV

|     DvSv=1312

|     DvTy=AppleTV

|     iV=196617

|     Ver=131075

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   3689/tcp appletv-v2

|     txtvers=1

|     hG=00000000-0b83-7d8c-cc3a-5f4c1899488d

|     MniT=167845888

|     fs=2

|     Name=Apple\xC2\xA0TV

|     PrVs=65538

|     DFID=2

|     EiTS=1

|     MiTPV=196611

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   5000/tcp raop

|     txtvers=1

|     ch=2

|     cn=0,1,2,3

|     da=true

|     et=0,3,5

|     ft=0x5A7FFFF7

|     md=0,1,2

|     pw=false

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     sv=false

|     sr=44100

|     ss=16

|     tp=UDP

|     vn=65537

|     vs=160.10

|     vv=1

|     am=AppleTV3,1

|     sf=0x4

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   7000/tcp airplay

|     deviceid=10:40:F3:EA:98:5E

|     features=0x5a7ffff7

|     flags=0x4

|     model=AppleTV3,1

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     srcvers=160.10

|     vv=1

|     model=J33AP

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   60618/udp sleep-proxy

|_    Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

MAC Address: 10:40:F3:EA:98:5E (Apple)

Device type: media device|phone

Running: Apple iOS 4.X|5.X|6.X

OS CPE: cpe:/o:apple:iphone_os:4 cpe:/a:apple:apple_tv:4 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:6

OS details: Apple Mac OS X 10.8.0 - 10.8.2 (Mountain Lion) or iOS 4.4.2 - 6.0.0 (Darwin 11.0.0 - 12.2.0)

Uptime guess: 6.747 days (since Fri May 24 00:06:15 2013)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=255 (Good luck!)

IP ID Sequence Generation: Randomized

Service Info: OSs: OS X, Mac OS X; Device: media device; CPE: cpe:/o:apple:mac_os_x

TRACEROUTE

HOP RTT     ADDRESS

1   4.36 ms 192.168.1.20

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 118.68 seconds

           Raw packets sent: 3584 (135.553KB) | Rcvd: 2071 (103.003KB)

Output of NMAP when AppleTV is not seen in the bonjour browser

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-30 18:40 CEST

NSE: Loaded 106 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 18:40

Scanning 192.168.1.20 [1 port]

Completed ARP Ping Scan at 18:40, 0.01s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 18:40

Completed Parallel DNS resolution of 1 host. at 18:40, 6.51s elapsed

Initiating SYN Stealth Scan at 18:40

Scanning 192.168.1.20 [1000 ports]

Discovered open port 62078/tcp on 192.168.1.20

Discovered open port 5000/tcp on 192.168.1.20

Increasing send delay for 192.168.1.20 from 0 to 5 due to 35 out of 87 dropped probes since last increase.

Discovered open port 3689/tcp on 192.168.1.20

Discovered open port 7100/tcp on 192.168.1.20

Increasing send delay for 192.168.1.20 from 5 to 10 due to max_successful_tryno increase to 5

Warning: 192.168.1.20 giving up on port because retransmission cap hit (6).

Discovered open port 7000/tcp on 192.168.1.20

Completed SYN Stealth Scan at 18:41, 29.21s elapsed (1000 total ports)

Initiating UDP Scan at 18:41

Scanning 192.168.1.20 [1000 ports]

Increasing send delay for 192.168.1.20 from 0 to 50 due to 35 out of 86 dropped probes since last increase.

Discovered open port 5353/udp on 192.168.1.20

Completed UDP Scan at 18:42, 52.63s elapsed (1000 total ports)

Initiating Service scan at 18:42

Scanning 6 services on 192.168.1.20

Completed Service scan at 18:42, 21.06s elapsed (6 services on 1 host)

Initiating OS detection (try #1) against 192.168.1.20

NSE: Script scanning 192.168.1.20.

Initiating NSE at 18:42

Completed NSE at 18:42, 8.36s elapsed

Nmap scan report for 192.168.1.20

Host is up (0.0049s latency).

Not shown: 1954 closed ports, 40 filtered ports

PORT      STATE SERVICE    VERSION

3689/tcp  open  daap       Apple iTunes DAAP 11.0.1d1

5000/tcp  open  rtsp       Apple AirTunes rtspd 160.10 (Apple TV)

| rtsp-methods:

|_  ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET

7000/tcp  open  http       Apple AirPlay httpd

|_http-title: Site doesn't have a title.

7100/tcp  open  http       Apple AirPlay httpd

|_http-methods: No Allow or Public header in OPTIONS response (status code 400)

|_http-title: Site doesn't have a title.

62078/tcp open  tcpwrapped

5353/udp  open  mdns       DNS-based service discovery

| dns-service-discovery:

|   3689/tcp touch-able

|     txtvers=1

|     RmSV=65536

|     DbId=6BBD97D4AD81E7E8

|     CtlN=Apple\xC2\xA0TV

|     DvSv=1312

|     DvTy=AppleTV

|     iV=196617

|     Ver=131075

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   3689/tcp appletv-v2

|     txtvers=1

|     hG=00000000-0b83-7d8c-cc3a-5f4c1899488d

|     MniT=167845888

|     fs=2

|     Name=Apple\xC2\xA0TV

|     PrVs=65538

|     DFID=2

|     EiTS=1

|     MiTPV=196611

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   5000/tcp raop

|     txtvers=1

|     ch=2

|     cn=0,1,2,3

|     da=true

|     et=0,3,5

|     ft=0x5A7FFFF7

|     md=0,1,2

|     pw=false

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     sv=false

|     sr=44100

|     ss=16

|     tp=UDP

|     vn=65537

|     vs=160.10

|     vv=1

|     am=AppleTV3,1

|     sf=0x4

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   7000/tcp airplay

|     deviceid=10:40:F3:EA:98:5E

|     features=0x5a7ffff7

|     flags=0x4

|     model=AppleTV3,1

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     srcvers=160.10

|     vv=1

|     model=J33AP

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   60618/udp sleep-proxy

|_    Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

MAC Address: 10:40:F3:EA:98:5E (Apple)

Device type: media device|phone

Running: Apple iOS 4.X|5.X|6.X

OS CPE: cpe:/o:apple:iphone_os:4 cpe:/a:apple:apple_tv:4 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:6

OS details: Apple Mac OS X 10.8.0 - 10.8.2 (Mountain Lion) or iOS 4.4.2 - 6.0.0 (Darwin 11.0.0 - 12.2.0)

Uptime guess: 6.775 days (since Fri May 24 00:07:04 2013)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=261 (Good luck!)

IP ID Sequence Generation: Randomized

Service Info: OSs: OS X, Mac OS X; Device: media device; CPE: cpe:/o:apple:mac_os_x

TRACEROUTE

HOP RTT     ADDRESS

1   4.91 ms 192.168.1.20

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 120.79 seconds

           Raw packets sent: 3715 (143.606KB) | Rcvd: 2063 (102.771KB)

Also I got the same trouble with discovering the HP Photosmart printer also using bonjour.

Printing from Windows machines work just fine, Apple devices trouble I can only ping the printer.

Also when I connect my old Netgear smart managed switch (GS108T) anything works perfectly!

It must be something wrong in the Cisco SG300 switches for sure.

i've had this similar situation with a WLC5508, i had to enable multicasting on the controller properly.

my guess is it is not setup properly in the SG300.  the SMB switches are a PAIN in the butt to work with in my experience, we have a guy that buys those for his SCADA systems, and i have to configure them .  

paul, here is a link to configure multicast on the 300 and 500 series

https://svsiav.zendesk.com/entries/21473877-Configuring-A-Cisco-SG300-500-Switch-for-IGMP-and-VLANS

hope that works!

Thank you Mark, unfortunately it didn't solve the problem.

Bonjour devices are still not being disovered.

Looks like the Apple ios stuff is really not designed to work with enterprise networks at all just like the many Google results about this already showed me.

Still makes me wonder what the Cisco switches do different in L2 mode from any other un/managed switches around?

It works fine with the Netgear GS108T switches in place, Muticast and IGMP snooping features where disabled.


A bit worrying that it stops responding to pings. The NMAP port scan shows that it is still listening on UDP port 5353 throughout though. Do you see anything on the port on the switch? Like does it go up/down when you are seeing these issues?

I see no reason why Apple stuff should not work with Enterprise kit - these are all open standards designed to interoperate with each other.

I did a test again, switches are now in L3 mode ARP proxy on, multicast IGMP snooping on just like the tutorial by Adam Walton at zendesk.com

Also kept a SSH terminal open to the switch to see if there are any links going down, and they where present all of the time.

I pinged the Apple TV during this time

64 bytes from 192.168.1.20: icmp_seq=2365 ttl=64 time=4.321 ms

64 bytes from 192.168.1.20: icmp_seq=2366 ttl=64 time=3.265 ms

^C

--- 192.168.1.20 ping statistics ---

2367 packets transmitted, 2312 packets received, 2.3% packet loss

round-trip min/avg/max/stddev = 0.775/5.029/13.671/2.343 ms

There is a 2.3% loss, this happened at the moment when the Apple TV has gone into stanby (the led goes off) still the link was up also checked this at the switch.

64 bytes from 192.168.1.20: icmp_seq=1785 ttl=64 time=1.002 ms

64 bytes from 192.168.1.20: icmp_seq=1786 ttl=64 time=7.949 ms

64 bytes from 192.168.1.20: icmp_seq=1787 ttl=64 time=6.852 ms

64 bytes from 192.168.1.20: icmp_seq=1788 ttl=64 time=6.396 ms

Request timeout for icmp_seq 1789

Request timeout for icmp_seq 1790

Request timeout for icmp_seq 1791

Request timeout for icmp_seq 1792

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 2c1e   0 0000  40  01 cb16 192.168.1.16  192.168.1.20

Request timeout for icmp_seq 1793

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 e167   0 0000  40  01 15cd 192.168.1.16  192.168.1.20

Request timeout for icmp_seq 1794

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 8d52   0 0000  40  01 69e2 192.168.1.16  192.168.1.20

During this time the AppleTV was still present in the bonjour browser?

Then later the AppleTV began replying on pings again (still the device remained in stanby mode)

64 bytes from 192.168.1.20: icmp_seq=1866 ttl=64 time=3.332 ms

36 bytes from 192.168.1.6: Redirect Host(New addr: 192.168.1.20)

Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst

4  5  00 0054 87ad   0 0000  40  01 6f87 192.168.1.16  192.168.1.20

64 bytes from 192.168.1.20: icmp_seq=1867 ttl=64 time=10.833 ms

64 bytes from 192.168.1.20: icmp_seq=1868 ttl=64 time=2.668 ms

64 bytes from 192.168.1.20: icmp_seq=1869 ttl=64 time=1.593 ms

64 bytes from 192.168.1.20: icmp_seq=1870 ttl=64 time=1.241 ms

Then at about 2000 seconds the AppleTV still responds to pings but dissapeared from the bonjour browser.

Screenshot of Wireshark

http://imagestore.paulsteenbergen.net/Screen%20Shot%202013-06-03%20at%2012.55.22%20PM.png

Why is 192.168.1.6 (Apple Airport Extreme) telling this?

It has notting to do with the wired connection between the Macbookpro/thunderbolt adapter 192.168.1.16 and AppleTV at 192.168.1.20

To get from the Macbook to the AppleTV it need to cross 3 (SG300) switches 192.168.1.3 <> 192.168.1.2 <> 192.168.1.4

Airport is connected to 192.168.1.2

NMAP Output when AppleTV was present

Starting Nmap 6.25 ( http://nmap.org ) at 2013-06-03 12:04 CEST

NSE: Loaded 106 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 12:04

Scanning 192.168.1.20 [1 port]

Completed ARP Ping Scan at 12:04, 0.01s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 12:04

Completed Parallel DNS resolution of 1 host. at 12:04, 6.51s elapsed

Initiating SYN Stealth Scan at 12:04

Scanning 192.168.1.20 [1000 ports]

Increasing send delay for 192.168.1.20 from 0 to 5 due to 34 out of 84 dropped probes since last increase.

Discovered open port 7000/tcp on 192.168.1.20

Discovered open port 5000/tcp on 192.168.1.20

Increasing send delay for 192.168.1.20 from 5 to 10 due to max_successful_tryno increase to 5

Discovered open port 3689/tcp on 192.168.1.20

Warning: 192.168.1.20 giving up on port because retransmission cap hit (6).

Discovered open port 62078/tcp on 192.168.1.20

Discovered open port 7100/tcp on 192.168.1.20

Completed SYN Stealth Scan at 12:05, 27.75s elapsed (1000 total ports)

Initiating UDP Scan at 12:05

Scanning 192.168.1.20 [1000 ports]

Increasing send delay for 192.168.1.20 from 0 to 50 due to 68 out of 169 dropped probes since last increase.

Discovered open port 5353/udp on 192.168.1.20

Completed UDP Scan at 12:06, 50.02s elapsed (1000 total ports)

Initiating Service scan at 12:06

Scanning 6 services on 192.168.1.20

Completed Service scan at 12:06, 21.06s elapsed (6 services on 1 host)

Initiating OS detection (try #1) against 192.168.1.20

NSE: Script scanning 192.168.1.20.

Initiating NSE at 12:06

Completed NSE at 12:06, 8.22s elapsed

Nmap scan report for 192.168.1.20

Host is up (0.0050s latency).

Not shown: 1954 closed ports, 40 filtered ports

PORT      STATE SERVICE    VERSION

3689/tcp  open  daap       Apple iTunes DAAP 11.0.1d1

5000/tcp  open  rtsp       Apple AirTunes rtspd 160.10 (Apple TV)

| rtsp-methods:

|_  ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET

7000/tcp  open  http       Apple AirPlay httpd

| http-methods: GET OPTIONS POST PUT

| Potentially risky methods: PUT

|_See http://nmap.org/nsedoc/scripts/http-methods.html

|_http-title: Site doesn't have a title.

7100/tcp  open  http       Apple AirPlay httpd

|_http-title: Site doesn't have a title.

62078/tcp open  tcpwrapped

5353/udp  open  mdns       DNS-based service discovery

| dns-service-discovery:

|   3689/tcp touch-able

|     txtvers=1

|     RmSV=65536

|     DbId=6BBD97D4AD81E7E8

|     CtlN=Apple\xC2\xA0TV

|     DvSv=1312

|     DvTy=AppleTV

|     iV=196617

|     Ver=131075

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   3689/tcp appletv-v2

|     txtvers=1

|     hG=00000000-0b83-7d8c-cc3a-5f4c1899488d

|     MniT=167845888

|     fs=2

|     Name=Apple\xC2\xA0TV

|     PrVs=65538

|     DFID=2

|     EiTS=1

|     MiTPV=196611

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   5000/tcp raop

|     txtvers=1

|     ch=2

|     cn=0,1,2,3

|     da=true

|     et=0,3,5

|     ft=0x5A7FFFF7

|     md=0,1,2

|     pw=false

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     sv=false

|     sr=44100

|     ss=16

|     tp=UDP

|     vn=65537

|     vs=160.10

|     vv=1

|     am=AppleTV3,1

|     sf=0x4

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   7000/tcp airplay

|     deviceid=10:40:F3:EA:98:5E

|     features=0x5a7ffff7

|     flags=0x4

|     model=AppleTV3,1

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     srcvers=160.10

|     vv=1

|     model=J33AP

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   60618/udp sleep-proxy

|_    Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

MAC Address: 10:40:F3:EA:98:5E (Apple)

Device type: media device|phone

Running: Apple iOS 4.X|5.X|6.X

OS CPE: cpe:/o:apple:iphone_os:4 cpe:/a:apple:apple_tv:4 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:6

OS details: Apple Mac OS X 10.8.0 - 10.8.2 (Mountain Lion) or iOS 4.4.2 - 6.0.0 (Darwin 11.0.0 - 12.2.0)

Uptime guess: 8.685 days (since Sat May 25 19:40:37 2013)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=258 (Good luck!)

IP ID Sequence Generation: Randomized

Service Info: OSs: OS X, Mac OS X; Device: media device; CPE: cpe:/o:apple:mac_os_x

TRACEROUTE

HOP RTT     ADDRESS

1   5.00 ms 192.168.1.20

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 116.59 seconds

           Raw packets sent: 3983 (147.799KB) | Rcvd: 2060 (102.487KB)

NMAP Ouput when AppleTV was gone

Starting Nmap 6.25 ( http://nmap.org ) at 2013-06-03 12:30 CEST

NSE: Loaded 106 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 12:30

Scanning 192.168.1.20 [1 port]

Completed ARP Ping Scan at 12:30, 0.01s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 12:30

Completed Parallel DNS resolution of 1 host. at 12:30, 6.51s elapsed

Initiating SYN Stealth Scan at 12:30

Scanning 192.168.1.20 [1000 ports]

Discovered open port 7100/tcp on 192.168.1.20

Discovered open port 62078/tcp on 192.168.1.20

Discovered open port 7000/tcp on 192.168.1.20

Discovered open port 3689/tcp on 192.168.1.20

Increasing send delay for 192.168.1.20 from 0 to 5 due to 70 out of 174 dropped probes since last increase.

Increasing send delay for 192.168.1.20 from 5 to 10 due to max_successful_tryno increase to 5

Warning: 192.168.1.20 giving up on port because retransmission cap hit (6).

Discovered open port 5000/tcp on 192.168.1.20

Completed SYN Stealth Scan at 12:30, 29.56s elapsed (1000 total ports)

Initiating UDP Scan at 12:30

Scanning 192.168.1.20 [1000 ports]

Increasing send delay for 192.168.1.20 from 0 to 50 due to 42 out of 104 dropped probes since last increase.

Discovered open port 5353/udp on 192.168.1.20

Completed UDP Scan at 12:31, 51.79s elapsed (1000 total ports)

Initiating Service scan at 12:31

Scanning 6 services on 192.168.1.20

Completed Service scan at 12:32, 21.05s elapsed (6 services on 1 host)

Initiating OS detection (try #1) against 192.168.1.20

NSE: Script scanning 192.168.1.20.

Initiating NSE at 12:32

Completed NSE at 12:32, 8.19s elapsed

Nmap scan report for 192.168.1.20

Host is up (0.0052s latency).

Not shown: 1954 closed ports, 40 filtered ports

PORT      STATE SERVICE    VERSION

3689/tcp  open  daap       Apple iTunes DAAP 11.0.1d1

5000/tcp  open  rtsp       Apple AirTunes rtspd 160.10 (Apple TV)

| rtsp-methods:

|_  ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET

7000/tcp  open  http       Apple AirPlay httpd

|_http-title: Site doesn't have a title.

7100/tcp  open  http       Apple AirPlay httpd

|_http-title: Site doesn't have a title.

62078/tcp open  tcpwrapped

5353/udp  open  mdns       DNS-based service discovery

| dns-service-discovery:

|   3689/tcp touch-able

|     txtvers=1

|     RmSV=65536

|     DbId=6BBD97D4AD81E7E8

|     CtlN=Apple\xC2\xA0TV

|     DvSv=1312

|     DvTy=AppleTV

|     iV=196617

|     Ver=131075

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   3689/tcp appletv-v2

|     txtvers=1

|     hG=00000000-0b83-7d8c-cc3a-5f4c1899488d

|     MniT=167845888

|     fs=2

|     Name=Apple\xC2\xA0TV

|     PrVs=65538

|     DFID=2

|     EiTS=1

|     MiTPV=196611

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   5000/tcp raop

|     txtvers=1

|     ch=2

|     cn=0,1,2,3

|     da=true

|     et=0,3,5

|     ft=0x5A7FFFF7

|     md=0,1,2

|     pw=false

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     sv=false

|     sr=44100

|     ss=16

|     tp=UDP

|     vn=65537

|     vs=160.10

|     vv=1

|     am=AppleTV3,1

|     sf=0x4

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   7000/tcp airplay

|     deviceid=10:40:F3:EA:98:5E

|     features=0x5a7ffff7

|     flags=0x4

|     model=AppleTV3,1

|     pk=0b493b51d0a001a53b2dc16e6bf679ac458e571e32ca5c595123cad0692f3170

|     srcvers=160.10

|     vv=1

|     model=J33AP

|     Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

|   60618/udp sleep-proxy

|_    Address=192.168.1.20 fe80:0:0:0:1240:f3ff:feea:985e

MAC Address: 10:40:F3:EA:98:5E (Apple)

Device type: media device|phone

Running: Apple iOS 4.X|5.X|6.X

OS CPE: cpe:/o:apple:iphone_os:4 cpe:/a:apple:apple_tv:4 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:6

OS details: Apple Mac OS X 10.8.0 - 10.8.2 (Mountain Lion) or iOS 4.4.2 - 6.0.0 (Darwin 11.0.0 - 12.2.0)

Uptime guess: 8.702 days (since Sat May 25 19:41:25 2013)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=257 (Good luck!)

IP ID Sequence Generation: Randomized

Service Info: OSs: OS X, Mac OS X; Device: media device; CPE: cpe:/o:apple:mac_os_x

TRACEROUTE

HOP RTT     ADDRESS

1   5.20 ms 192.168.1.20

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 120.11 seconds

           Raw packets sent: 4665 (175.859KB) | Rcvd: 2063 (102.783KB)

Osirison
Beginner

Is there really no Cisco engineer who can just explain how to basically configure a SG300 switch that will properly pass bonjour broadcasts since it does not work with these switches out of the box?...

Hello Paul,

I am not sure if this will help at all, but maybe this article might help.

Bonjour - Discovery Configuration on 200/300 Series Managed Switches

I hope this works.

Alex

Brett Ferrell
Beginner

You probably have moved on, but I just posted how I was able to get this to work... basically I have a Linux router (Ubiquiti) that has mdns reflection capability to support this use case.

https://supportforums.cisco.com/discussion/13097606/sg300-edgerouter-pro-cinbelltel-fiber-vlans-and-airplayappletv-success-story