SmartEye NET

SmartEye NET Firewall Setup Information

Web Client



General Protocol and Firewall Information

A firewall is a piece of hardware or software that prevents data packets from either entering or leaving a specified network. To control the flow of traffic, numbered ports in the firewall are either opened or closed to types of packets. The firewall looks at two pieces of information in each arriving or departing packet: the protocol through which the packet is being delivered, and the port number to which it is being sent. If the firewall is configured to accept the specified protocol through the targeted port, the packet is allowed through.

SmartEye incorporates a component of Windows Media Player for the playback of files. It also uses a proprietary protocol to communicate back and forth with the server. Because SmartEye incorporates components of Windows Media Player and this proprietary protocol, some firewall configuration may be necessary in order for the software to function properly.

Sockets, the SmartEye NET Protocol, and Firewalls

SmartEye communicates back and forth with SmartEye NET using a proprietary protocol which has been assigned TCP port 3898. This port number assignment was made by the Internet Assigned Numbers Authority (IANA) in October 2003. To verify, search for the "senip" protocol here. This "senip" protocol, which is very similar to HTTP or FTP, operates over a "socket", which is an end-to-end connection between two computers.

Before describing the firewall setup, it is important to understand one thing about sockets: the difference between source ports and destination ports. SmartEye NET is open for connections to port 3898, so for a SmartEye client the destination port is always 3898. The source port, on the other hand, is not a static number. When a socket connection is established, the socket searches for an open port on the local TCP/IP stack. Note that only one program can use a single port at one time (fortunately there are 65,536 TCP/IP ports on every Windows system). Depending on what is running on the local machine, various source ports might be in use.

What might at first seem strange is that the source port will almost never be port 3898. To understand why this is the case, consider this analogy to HTTP. If a user went to a Windows 2000 Server which was hosting web pages (on port 80), that user would definitely be able to surf other pages on the Internet from that machine. If the source port of the HTTP socket had to be port 80, there would be two programs (Internet Explorer and IIS in this example) attempting to use the same port. Because of this, your firewall should be configured to allow any inside source/host TCP port while allowing at least TCP port 3898 as a destination.

To allow SmartEye users to communicate with SmartEye NET, the SmartEye client must be able to go out to a remote server (Destination Port) using TCP port 3898. If an entry exists in the firewall for HTTP/port 80, this entry could be duplicated and changed to port 3898 instead, as the two protocols are very similar.

SmartEye NET also includes an Internet interface. This interface is also encrypted using industry standard SSL encryption. As a result, any user needing access to www.mysmarteye.com will need permission to go out to a remote server (Destination Port) using TCP port 443.

Windows Media and Firewalls

Windows Media is able to receive media broadcasts through either UDP or TCP connections. For Windows Media content, UDP is preferred as it is a more efficient connection for video. UDP does require more ports to be opened, however. TCP is less efficient, but also requires only a single open port.

To allow SmartEye users to stream video using UDP connections, the SmartEye client must be able to go out to a remote server using TCP port 1755 and UDP port 1755. The remote server must be able to communicate back in to the client using UDP ports between 1024 and 5000. It is only necessary to open as many UDP ports as there are clients. So if there will only be a maximum of ten clients connecting at once to SmartEye NET, the only ports necessary are UDP ports 1024-1033.

To allow SmartEye users to stream video using TCP connections only, the SmartEye client must be able to go out to a remote server using TCP port 1755. The remote server must be able to communicate back in to the client using TCP port 1755.
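
The rules from the sections above, modelled as a small default-deny allow-list. This is an added example, not part of the SmartEye documentation; the names Rule, build_rules and allowed and the sample packets are constructed for illustration. It matches on protocol and destination port as described under General Protocol and Firewall Information, sizes the inbound UDP range from the client count, and shows that a rule pinning the source port to 3898 blocks a legitimate client connection.

```python
from dataclasses import dataclass
from typing import Optional

UDP_LOW, UDP_HIGH = 1024, 5000   # inbound UDP window given on this page

@dataclass(frozen=True)
class Rule:
    direction: str                      # "out" = client to server, "in" = server to client
    proto: str                          # "tcp" or "udp"
    dst_ports: range                    # destination ports this rule permits
    src_ports: Optional[range] = None   # None = any source port (the correct setting)

def port(n):
    """A single port expressed as a one-element range."""
    return range(n, n + 1)

def inbound_udp_ports(max_clients):
    """One inbound UDP port per simultaneous client, starting at 1024."""
    if not 1 <= max_clients <= UDP_HIGH - UDP_LOW + 1:
        raise ValueError("client count does not fit in UDP 1024-5000")
    return range(UDP_LOW, UDP_LOW + max_clients)

def build_rules(max_clients, udp_streaming=True):
    """Allow-list for the client side, using only the port numbers on this page."""
    rules = [Rule("out", "tcp", port(3898)),   # senip to SmartEye NET
             Rule("out", "tcp", port(443)),    # SSL web interface
             Rule("out", "tcp", port(1755))]   # Windows Media over TCP
    if udp_streaming:
        rules += [Rule("out", "udp", port(1755)),
                  Rule("in", "udp", inbound_udp_ports(max_clients))]
    else:
        rules.append(Rule("in", "tcp", port(1755)))
    return rules

def allowed(rules, direction, proto, src_port, dst_port):
    """Default deny: a packet passes only if some rule matches it."""
    return any(r.direction == direction and r.proto == proto
               and dst_port in r.dst_ports
               and (r.src_ports is None or src_port in r.src_ports)
               for r in rules)

if __name__ == "__main__":
    rules = build_rules(max_clients=10)
    pinned = [Rule("out", "tcp", port(3898), src_ports=port(3898))]  # the mistake
    # Constructed packets: (direction, proto, source port, destination port)
    for pkt in [("out", "tcp", 49731, 3898), ("in", "udp", 1755, 1033),
                ("in", "udp", 1755, 1034), ("out", "tcp", 49731, 8080)]:
        print(pkt, "allow" if allowed(rules, *pkt) else "deny")
    print("source pinned to 3898:", allowed(pinned, "out", "tcp", 49731, 3898))
```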