StifleR
2.10
2.62.10
2.10
2.62.10
  • Start Here - StifleR 2.10
  • Introduction
    • StifleR Overview
      • The StifleR Solution
      • Managing Microsoft Data Transfer Services
    • Technical Overview
      • 2Pint BranchCache Administrator Guide
    • Features Overview
      • Control
      • Monitor
      • Automate
      • Other Features
      • StifleR Feature Details
    • Release Notes
  • Proof of Concept
    • Objectives and Prerequisites
    • Configure Microsoft Peer-to-Peer Components
    • Install and Configure StifleR
    • Testing and Validation
    • StifleR POC Quick Checklist
  • Planning
    • StifleR Server Considerations
    • StifleR Client Considerations
    • Firewall Ports
    • Permissions
    • Antivirus Exclusions
    • Network Topology
    • StifleR Generic Concepts
      • Client Leader Roles
        • Red Leader
        • Blue Leader
        • Green Leader
        • Examples of Leader Selection
      • Templates
      • Beacons
  • Installation
    • Overview
    • Server
      • StifleR Server Installation
      • StifleR Dashboard Installation
      • StifleR Beacon Installation
    • Client
      • StifleR Client Installation
      • Post Installation Checks
  • Configuration
    • Configuration Files
      • StifleR Server Configuration File
        • Using the AppSettings Override File
      • StifleR Client Configuration File
      • StifleR Dashboard Configuration File
    • Configuring BranchCache on Windows Server
    • Configuring Delivery Optimization
    • Configuring LEDBAT on CM DPs
    • Configuring a Beacon Server
    • Configuring StifleR SQL History
    • StifleR Network Locations
      • Automatic linking of Location, Network Groups and Networks
      • Network Topology Automation
      • Location Fields
        • Network Group Fields
          • Network Fields
    • StifleRulez.xml Configuration Guide
      • The Match – TypeData
        • When the Job Title Isn’t Suitable
        • ConfigMgr Specific Rules
      • The Setting - DownloadTypes
        • Delivery Optimization Jobs
      • Sample StifleRulez.xml
    • Securing StifleR Operations with SSL
      • Prerequisites
      • Using a Web Server Certificate
        • Requesting a Web Server Certificate
      • Using a Self-Signed Certificate
      • Preparing the StifleR Dashboard Web Site for SSL
      • Configuring StifleR to Use SSL
      • Finding the Certificate Thumbprint
    • StifleR Client Access Control Options
  • Operations
    • Dashboard
      • Overview & Navigation
        • Home Page
        • Traffic & Downloads
          • Transfers & Downloads
            • How to use query hosts search?
          • Running Sequences
          • Weekly Downloads Activity
          • History
        • Devices
          • Clients
            • Client Details
              • How to use an extended search?
          • Servers
          • StifleR Server
            • Templates Detail
        • Cache Management
        • System Resource Usage
        • Network Topology
          • Maps
          • Countries
          • Locations
            • Bandwidth Allocations and Locations
          • Network Groups
          • Networks
        • Reporting & Diagrams
    • Client Management & Remote Tools
      • Remote PowerShell Session
      • Remote Performance Counter
      • Remote WMI Browsing
      • Remote Event Log Viewer
      • Remote Netmon Session
    • Monitoring
      • StifleR server health
      • StifleR client health
      • BranchCache Testing and Monitoring
    • Maintenance tasks
    • Bandwidth Management and Allocation
      • Bandwidth Tuning Monitoring and Control
    • Backup and Recovery
      • Moving the StifleR Server Databases to a New Drive on the Same Server
    • Troubleshooting
      • StifleR Client Command Line Options
      • BranchCache across Subnets
    • StifleR WMI Provider
Powered by GitBook
On this page
  1. Planning

Firewall Ports

PreviousStifleR Client ConsiderationsNextPermissions

Last updated 1 month ago

StifleR Ports

The following (client) ports are used for the InterVLAN feature (see later). An asterisk (*) indicates a dynamic Port number. BranchCache tries to use a random port among the dynamic port range (49152-65535) as specified in RFC6335 section 6.

The table below describes the specific ports and communication flow used by the StifleR Client and BranchCache.

Distributed Cache Mode Comunications

Request Flow

  1. TCP 443 HTTP(S) GET request for content

  2. TCP 443 Returns content metadata + hashes

  3. Checks local cache for content

  4. UDP 3702 (Broadcast) WS-Discovery broadcast (MC): Searching for peers with content ID

  5. UDP 3702 (Unicast) WS-Discovery response: Indicates content availability

  6. TCP 1337 Requests content segments

  7. TCP 1337 Sends encrypted content segments

  8. Verifies received segments against hashes from server

Fallback If no clients responds with content hashes or if hash verification fails.

  1. TCP 443 Requests Content from source

  2. TCP 443 Sends requested Content

From
To
Source Port
Destination Port
Protocol
Component
Details

Client

Subnet

*(dynamic)

3702

UDP Multicast

BranchCache

Probe

Leader

Leaders

3704

3704

UDP Unicast

StifleR Client

Fwd Request

Leader

Subnet

3703

3702

UDP Multicast

StifleR Client

Fwd Request

Client

Leader

3703

*

UDP Unicast

BranchCache

Probe Match

Leader

Leader

3705

3705

UDP Unicast

StifleR

Fwd Probe Match

Leader

Client

3703

3702

UDP Unicast

StifleR

Fwd Probe Match

Client

Leader

*

81 (configurable)

HTTP (TCP/IP)

BranchCache

Req Data

Leader

Client

*

80 (BranchCache)

HTTP (TCP/IP)

StifleR

Req Data

Server – Client Communication:

  • Source – dynamic

  • Destination – Port 1414 TCP/IP & Port 1414 UDP for Web Sockets

Web Server - Dashboards:

  • Source - dynamic

  • Port 9000 is used by server to host the dashboard/data API. Dashboard uses it to connect to the REST API to get data

  • Port 80 / 443 - dashboards

Beacon Server Port:

  • For clients to send iperf packets to Server iPerf packets - Server TCP/UDP 5201

    FastPing packets - Server TCP 5200

Stifler Client Local Firewall Port openings required - Incoming

Name
Executable
Local Address
Remote Address
Local Port
Remote Port
Protocol
Customizable

2Pint Software StifleR - Blue Leader Data From Remote Peer - In

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

1337

Any

TCP

Yes

2Pint Software StifleR - Green Leader Peer Data - In

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

1337, 1339

Any

TCP

Yes

2Pint Software StifleR - Blue Leader Peer Data - In

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Local Subnet

1338

Any

TCP

Yes

2Pint Software StifleR - Peer Probes - In

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Local Subnet

3702

Any

UDP

Yes

2Pint Software StifleR - Blue Leader Peer Probe Match - In

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

Any

3702

UDP

Yes

2Pint Software StifleR - mDNS - In

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Local Subnet

5353

Any

UDP

Yes

Stifler Client Local Firewall Port openings required - Outcoming

Name
Executable
Local Address
Remote Address
Local Port
Remote Port
Protocol
Customizable

Beacon - iPerf packets

Any

Stifler Beacons

Any

5201

UDP

Yes

Beacon - FastPing

Any

Stifler Beacons

Any

5200

TCP

Yes

Blue Leader Data to requesting Peer - Out

SYSTEM

Any

Any

Any

1338

TCP

Yes

Blue Leader Data From Remote Peer - Out

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

1337

Any

TCP

Yes

Green Leader Peer Data - Out

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

Any

1337.1339

TCP

Yes

Blue Leader Peer Data - Out

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Local Subnet

Any

1338

TCP

Yes

Peer Probes - Out

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Local Subnet

3702

Any

UDP

Yes

Blue Leader Peer Probe Match - Out

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

Any

3702

UDP

No

Blue Leader Probe Port

TwoPint.PeerDist.BlueGreenLeader.exe

Any

Any

3703

3703

UDP

Yes

mDNS - Out

TwoPint.PeerDist.BlueGreenLeader.exe

Any

5353

UDP

Access to Stifler Service

Stifler.Client.exe

Any

Any or Stifler server

Any

1414

UDP

No

Access to Stifler Service

Stifler.Client.exe

Any

Any or Stifler server

Any

1414

TCP

No

Access to Stifler Service

Twopint.remotetools.host.exe

Any

Any or Stifler server + Action hubs

Any

1415

UDP

No

Access to Stifler Service

Twopint.remotetools.host.exe

Any

server + Action hubs

Any

1415

TCP

No

Access to Stifler Service

Browser

Any

Stifler Server

Any

9000

TCP

No

Access to Stifler Service

Browser

Any

Any or Stifler server

Any

1414

TCP

No

Access to Stifler Service

Browser

Any

Any or Stifler server + Action hubs

Any

1415

TCP

No

BranchCache Local Firewall Port openings required - Incoming

Name
Executable
Local Address
Remote Address
Local Port
Remote Port
Protocol
Customizable

BranchCache Content Retrieval (HTTP-In)

SYSTEM

Any

Any

1337

Any

TCP

Yes

BranchCache Hosted Cache Server (HTTP-In)

SYSTEM

Any

Any

1339.443

Any

TCP

Yes

BranchCache Peer Discovery (WSD-In)

%SYSTEMROOT%\system32\svchost.exe

Any

Local Subnet

3702

Any

TCP

No

BranchCache Local Firewall Port openings required - Outcoming

Name
Executable
Local Address
Remote Address
Local Port
Remote Port
Protocol
Customizable

BranchCache Content Retrieval (HTTP-Out)

SYSTEM

Any

Any

Any

1337

TCP

Yes

BranchCache Hosted Cache Client (HTTP-Out)

SYSTEM

Any

Any

Any

1339.443

TCP

Yes

BranchCache Hosted Cache Server(HTTP-Out)

SYSTEM

Any

Any

1339.443

Any

TCP

Yes

BranchCache Peer Discovery (WSD-Out)

%SYSTEMROOT%\system32\svchost.exe

Any

Local Subnet

Any

3702

UDP

No