why qemu open a lot of UDP port

https://stackoverflow.com/questions/22161240

19-10-2022
|

Question

When I start the guest os, the netstat anp command shows there is a lot of UDP port was opened. start command is:

./qemu-system-i386 -cpu host -smp 1 -m 1024 -hda win2008.qcow2 -usb -usbdevice tablet \
    -vnc :1 -net nic,macaddr=00:16:3e:1d:f2:6f -net user \
    -net nic,macaddr=00:16:3e:51:a7:be -net tap,ifname=tap_M,script=qemu-ifup,downscript=no \
    -enable-kvm

guest OS is win2008.

the netstat anp output looks like:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:33076           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:53045           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:53046           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:50487           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:36151           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:58167           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:44856           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:34104           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:38200           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:46393           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:45369           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:60218           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:40762           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:38203           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:36155           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:38716           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:35645           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:45885           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:49470           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:45374           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:50494           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:53567           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:56639           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:50495           0.0.0.0:*                           20472/qemu-system-i
udp        0      0 0.0.0.0:36160           0.0.0.0:*                           20472/qemu-system-i

I want to know why qemu open so many udp port and for what use?

the qemu-ifup contents:

#!/bin/bash

switch=br0

if [ -n "$1" ]; then
    ip link set $1 up
    sleep 1
    brctl addif ${switch} $1
    exit 0
else
    echo "Error: no interface specified"
    exit 1
fi

No correct solution

OTHER TIPS

I believe as you are using -net user qemu will be doing user mode port translation for you from the local host ports to the guest ports. e.g. if you are running bgp in your guest then that would need to be listening on port 179. But of course you do not want your host to be doing that. So port translation will occur on packets leaving your VM going to the host and vice versa; kind of like NAT. Qemu has to set up this translartion for you so it all looks seamless for TCP/UDP traffic. It does not work for IMCP; so ping will fail.

look at http://wiki.qemu.org/Documentation/Networking for more info

so in summary your ports I believe are a result of guest communication resulting in these translations being created

hth

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow