Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

how can i identify traffic that goes to the kinesis video service

0

I'm trying to do some traffic shaping so an offline upload of a file doesn't flood my network connection. But to create these tc rules i need to know either the destination ip address and/or the ports that are used for uploading.

Is there a default port that gets used ? I noticed the kinesis video end-point is a dns ( http://kinesisvideo.ap-southeast-2.amazonaws.com/ ) , and apparently it can resolve to multiple ip addresses.. so i'm just wondering what would be the best way to identify kvssink -> kinesis video traffic

from a network capture I think i can see that it goes to port 443, but i can't just filter on that because every connection to https is using that port.

if i lookup in https://ip-ranges.amazonaws.com/ip-ranges.json

it doesn't seem to have any entry for

       "region": "ap-southeast-2",

and

       service": "KINESIS_VIDEO_STREAMS

any idea on how i can identify traffic to kinesis video ?

Themen
AnalysenInternet der Dinge (IoT)
Tags
Amazon Kinesis Video Streams
Sprache
English
clogwog
gefragt vor 2 Jahren434 Aufrufe
3 Antworten
0

Hello

Because of load balancing, the IP are changing when resolve kinesisvideo.ap-southeast-2.amazonaws.com.

I did a quick test to resolve the kinesisvideo.ap-southeast-2.amazonaws.com, even it is changing, but it will in the following IP addresses:

3.104.149.251 13.236.240.54 13.236.62.73

so you can filter above three IP addresses only . Hope that helps, if not, please don't hesitate to reply.

Regards!

AWS
AWS-User-6819265
beantwortet vor 2 Jahren
  • clogwog
    vor 2 Jahren

    Are those 3 ip's the only 3 for kinesisvideo ? or can they change at any point ? and can those ip's also be used for iot-core ?

0

maybe i'll just do a ping every now and again and then look it in the cache

ping -c 1 -W 1 kinesisvideo.ap-southeast-2.amazonaws.com > /dev/null; sudo killall -USR1 systemd-resolved ; sudo journalctl -u systemd-resolved > ~/dns-cache.txt ; cat ~/dns-cache.txt | grep "kinesisvideo.ap-southeast-2.amazonaws.com" | grep "IN A " | grep -v NXDOMAIN | tail -n 1 | rev | cut -d ' ' -f 1 | rev

3.104.149.251

or directly at the ping output

ping -c 1 -W 1 kinesisvideo.ap-southeast-2.amazonaws.com | head -n 1 | cut -d '(' -f 2 | cut -d ')' -f 1
3.104.149.251
clogwog
beantwortet vor 2 Jahren
0

Those IPs are subject to change. it is a good idea that as you already did to get the most recent IP addresses using the scripts you shared.

AWS
AWS-User-6819265
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt