# Tivo Program Data IP Address



## kathekas (Jul 8, 2004)

Hi

It appears that the problems I am experiencing downloading program data are due to the ISP blocking ports etc.

Please can someone tell me the IP address and port number/protocols that Tivo uses to get its data.

Thanks


----------



## blindlemon (May 12, 2002)

My last daily call used 204.176.49.32:8080 and 204.176.49.33:8080 - HTTP_GET


----------



## kathekas (Jul 8, 2004)

Thanks, how did you find that info?

When I check the firewall logs on my router, nothing is ever recorded for the Tivo, yet everything else gets logged, and Tivo is updating ok.

Thanks in anticipation


----------



## ColinYounger (Aug 9, 2006)

If you look in the logs - specifically Ohttp - you'll see a breakdown of the daily call.

It's in Ohttp as the later stages of a daily call process rotate the logs, meaning it renames http to Ohttp. On my TiVo, it's only the daily call that writes to the http log.


----------



## iankb (Oct 9, 2000)

It appears to use port 80 for the initial connection to the service, and then port 8080 to retrieve the EPG data. There is also a mention of UDP port 7884 in the logs, but it's not obvious that it tries to make a connection on that.

Port 8080 would never be blocked by an ISP, since it is commonly used for web proxies, and in most cases where a second webserver is running on a computer.


----------



## iankb (Oct 9, 2000)

As to IP addresses, mine makes the initial connection on 204.176.49.3:80, and then downloads the slice data from both 204.176.49.31:8080 and 204.176.49.32:8080. It's possible that the IP addresses may vary according to the recording source, or simply because they are using web clusters.


----------



## kitschcamp (May 18, 2001)

iankb said:


> Port 8080 would never be blocked by an ISP, since it is commonly used for web proxies, and in most cases where a second webserver is running on a computer.


Not directly, but if there is a transparent proxy in the way sometimes they can wreck the dialogue between a TiVo and the TiVo servers. I remember when I moved to ntl: years back it caused me no end of grief till I found the magical commands to make it work.


----------



## kathekas (Jul 8, 2004)

Thanks everyone.

It's a transparent proxy server which is causing my problems.

kitschcamp - What commands did you enter?


----------



## iankb (Oct 9, 2000)

kitschcamp said:


> Not directly, but if there is a transparent proxy in the way ...


Transparent proxies seem to cause so many problems, I was hoping that they had faded away. However, their pure transparency seems to allow ISPs to keep trying them without notifying anybody, and it seems to be impossible to find out whether an ISP is using them if you want to sign up with one.

The effect of transparent proxies shouldn't differ between port 80 and port 8080 and, if they do, it is more likely that they cache port 80 traffic than port 8080 traffic.


----------



## kitschcamp (May 18, 2001)

Hang on, I'll see if I can find it.

Erm... Got it!


The important thing is to edit /tvlib/tcl/tv/Ident.itcl (after making a backup) and add the line

```
puts $conn "Content-Length: 0"
```

after the

```
puts $conn "IDB_TIMESTAMP: $now"
```

line. Fixed the problem with ntl:'s transparent proxies quickly and easily.


----------



## iankb (Oct 9, 2000)

kathekas said:


> It's a transparent proxy server which is causing my problems


I gather from this post that you had it sorted once. Do you think that they switched the proxy back on?


----------



## kitschcamp (May 18, 2001)

iankb said:


> The effect of transparent proxies shouldn't differ between port 80 and port 8080 and, if they do, it is more likely that they cache port 80 traffic than port 8080 traffic.


Sadly they did - unless you made the change above they threw their toys out of their prams. A properly configured transparent proxy should be exactly that; unfortunately ntl: never were very good at "properly configured".


----------



## ColinYounger (Aug 9, 2006)

Interestingly, my Tivo only referred to 204.176.49.32 for the slices. No reference to 204.176.49.31.


----------



## ColinYounger (Aug 9, 2006)

Also interestingly, I'm with VM (xNTL) and haven't seen any proxy problems...


----------



## iankb (Oct 9, 2000)

ColinYounger said:


> Interestingly, my Tivo only referred to 204.176.49.32 for the slices. No reference to 204.176.49.31.


As I suggested, they may spread the load on the servers by allocating Sky (which I use) and Cable to different servers, or the initial connection on port 80 allocates different servers for the following port 8080 connection, to balance the load.


----------



## kathekas (Jul 8, 2004)

Yes, got it sorted on the satellite internet eventually by the ISP turning off the proxy on our account.

Satellite internet is very expensive, about £80 per month. ADSL has now become available at a much lower price, so finances dictate that we switch.

But now have to resolve the proxy issues again.

Thanks everyone for the responses


----------



## iankb (Oct 9, 2000)

ColinYounger said:


> Also interestingly, I'm with VM (xNTL) and haven't seen any proxy problems...


I gather that he's using a satellite ISP, so maybe NTL do have it sorted now.

I also wonder whether it depends on the machine times that are set on both the client browser and the proxy server, that decides whether to use the ISP's cache or not. It could also depend on whether other TiVo users are using the same ISP. Transparent proxies seem to be a black art, at least (it seems) for the people who implement them. 

_Edit:_ I see that he is no longer on satellite, but obviously not on (ex-)NTL.


----------



## ColinYounger (Aug 9, 2006)

Up there with you, Ian!  I was just reporting in for statistical interest of working out what goes on.

If it's load balancing, then the time is likely to be relevant. My call is around 6am (BST). 

If it's 'application' driven (i.e. Sky on one server, etc), then lineup will be relevant. Any Freeview\Aerial only users prepared to share?

Also, I'd love to know what the 'conversation' between TiVo and mothership is to start with (out of curiosity rather than malicious intent). If anyone has pointers, feel free to share (PM if it's sensitive).


----------



## verses (Nov 6, 2002)

I only use Freeview and my Ohttp log refers to the following 3 IP addresses;
204.176.49.3:80
204.176.49.31:8080
204.176.49.33:8080

Only 1 slice appears to be retrieved from .31 and its full URL appears to contain the first part of my Post Code.

Ian

PS: I've not looked at this log before so I'm not 100% fluent with what I'm looking at, although I have some familiarity with HTTP server logs.


----------



## ColinYounger (Aug 9, 2006)

OK - let's go a little further then. Perhaps the balancing is based on channel (still 'application' in my terms).

According to the DATA_GROUP_LIST (which appears to be a list of the items downloaded), I got the following from .32:

SC_bsky50,SC_bsky55,SC_bsky59,SC_bsky62
SC_chfour56,SC_chfour57,SC_chfour66,SC_iGuideUK1,SC_ukgold58

and there is a slice for my postal code area downloaded as well.

I'm sure that the ozTivo folks know all about this.


----------



## cwaring (Feb 12, 2002)

ColinYounger said:


> Also interestingly, I'm with VM (xNTL) and haven't seen any proxy problems...


Just FYI, AIUI VM (xNTL) are retiring their proxies.


----------



## ColinYounger (Aug 9, 2006)

Carl - I got an email (I think - might have been a leaflet) saying as such some months ago. But my so-subtle-no-one-will-notice point is that I've *never* had a proxy problem, and neither has a friend who lives 1/2m away.

I was wondering if it was a TW thing, an area thing or a usage analysis thing (i.e. they've spotted that you're asking for the same stuff as the majority).

My gut would be with the latter as that's how I understand network profiling to work.


----------



## cwaring (Feb 12, 2002)

I don't think TW ever used proxy servers; only NTL.


----------



## kitschcamp (May 18, 2001)

No, I was in a Pure NTL area and we had proxies. It was hyper variable across ntl where they put proxies, and over what time periods. They seemed to introduce them whenever they had capacity problems, and retire them when people complained, and then sneak them back in again.


----------



## ColinYounger (Aug 9, 2006)

kitschcamp said:


> They seemed to introduce them whenever they had capacity problems


That would make sense. I've never seen that done before. <innocent look>


----------



## iankb (Oct 9, 2000)

ColinYounger said:


> Also, I'd love to know what the 'conversation' between TiVo and mothership is to start with (out of curiosity rather than malicious intent). If anyone has pointers, feel free to share.


No idea of the reality, but given the obvious nature of the connection, I would expect them to be using an encrypted transaction. However, since they aren't obviously using HTTPS, and any use of a fixed encryption key could be reverse-engineered, I would expect them to generate a random block encryption (e.g. Triple-DES) session key using a public/private key exchange protocol (e.g. Diffie-Hellman). At least that is what I've used in the same situation.

If I'm right, then the first data exchange could well be the transfer of the public keys that each have 'randomly' generated.

Of course, TiVo may just be using a fixed encryption key, on the basis that nobody will bother to reverse-engineer it. Basically, nobody will bother to break encryption unless the cost of breaking it is less than the value of the broken product, or one can achieve fame by breaking it.

And for those who are actually interested ...

Because they both used the same two prime numbers (one of which must be really, really huge) to generate their 'random' public/private pairs, Diffie-Hellman allows them to use the opposite public key with their own private key to generate the same block-encryption key. SSL (as used by HTTPS) uses a more complex protocol that is designed to stop the 'man in the middle' attack (i.e. somebody who sits in the middle pretending to be the other half, and negotiates separate connections with each of the others).

'Cryptographic Engineer' is one of my many titles.


----------
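
The Diffie-Hellman agreement described in the post above, as an added example that is not part of the original thread and says nothing about what TiVo actually does. The toy group, the 24-byte key derivation and all function names are assumptions made for illustration; the second run shows why an exchange with no authentication cannot tell a substituted public value from the real one.

```python
import hashlib
import secrets

# Toy group for illustration only (constructed): the Mersenne prime 2**127 - 1
# is far too small for real use; deployments use 2048-bit or larger groups.
P = 2**127 - 1
G = 3

def keypair(priv=None):
    """Return (private, public) where public = G^private mod P."""
    if priv is None:
        priv = secrets.randbelow(P - 3) + 2      # random value in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """Combine our private value with the peer's public value."""
    if not 2 <= their_pub <= P - 2:              # reject 0, 1 and P-1
        raise ValueError("degenerate public value")
    shared = pow(their_pub, my_priv, P)
    # Assumption: hash the shared secret down to 24 bytes (a Triple-DES key size).
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:24]

def exchange(client_priv=None, server_priv=None, middle_priv=None):
    """Run one exchange and return (client_key, server_key).

    If middle_priv is set, an intermediary replaces each side's public
    value with its own, which is the scenario the post describes.
    """
    c_priv, c_pub = keypair(client_priv)
    s_priv, s_pub = keypair(server_priv)
    if middle_priv is None:
        seen_by_client, seen_by_server = s_pub, c_pub
    else:
        _, m_pub = keypair(middle_priv)
        seen_by_client = seen_by_server = m_pub
    return session_key(c_priv, seen_by_client), session_key(s_priv, seen_by_server)

if __name__ == "__main__":
    k_client, k_server = exchange()
    print("direct exchange, keys match:", k_client == k_server)
    k_client, k_server = exchange(middle_priv=keypair()[0])
    print("substituted public values, keys match:", k_client == k_server)
```

Neither endpoint raises an error in the second run; only comparing the derived keys, or authenticating the public values as SSL does with certificates, reveals the substitution.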



## ColinYounger (Aug 9, 2006)

Ian,

I had suspected there was some kind of key swapping, looking at the slice filenames. But that's where my knowledge of encryption stops. 



iankb said:


> 'Cryptographic Engineer'


indeed. I'm not worthy!


----------



## cwaring (Feb 12, 2002)

I can think of another name for him


----------



## TCM2007 (Dec 25, 2006)

Why would they encrypt it at all?


----------



## ColinYounger (Aug 9, 2006)

I think I'll read between the lines there.

Looking at the slice names again, I can see that I was hasty:

C-bsky55-d1-e13646-r13634-v311

My first glance made me think the last portions were some kind of key, but looking again I think that the letters are abbreviations.

Trouble is, daily updates don't give much 'food'. Guess I have to wait for a Saturday update.


----------



## iankb (Oct 9, 2000)

TCM2007 said:


> Why would they encrypt it at all?


It depends on what they decided to do to avoid the service being abused.

There are many things that you can do to authenticate a user, and stop the sharing of serial numbers, that they wouldn't want to be easily recognised, or easily replicated. Windows authentication is a prime example, although that could be handled by the simple transfer of data using one-way cryptographic hashes.

You also issue numbers in a pre-agreed pseudo-random number sequence, that would mean that only the same machine as connected last under that serial number could connect again. That is the method used by my BMW and remote-controlled garage door locks to prevent anybody recording the wireless transmission and re-sending it. The transmitted unlock code changes on each use.

An even simpler method would be for the server to issue a ticket in the form of a random number on each connection that must be supplied on the next connection.

Any encryption would not be to hide the transferred data from a third-party, but to hide the data from any end-user that has a simple network monitor, to make it harder for them to spot what is going on.

I've no idea whether TiVo use encryption or not but, one day when I'm bored, I may load up Wireshark in promiscuous mode and find out.


----------
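
The "ticket on each connection" idea from the post above, as an added example that is not part of the original thread and not TiVo's actual protocol. The `TicketServer` class, its methods and the placeholder serial number are hypothetical; the demo shows a recorded ticket and a second box sharing the serial number both being refused.

```python
import hmac
import secrets

class TicketServer:
    """Hypothetical server keeping one outstanding ticket per serial number."""

    def __init__(self):
        self._next_ticket = {}             # serial -> ticket expected next time

    def enrol(self, serial):
        """First contact: issue the initial ticket for this serial number."""
        ticket = secrets.token_hex(16)
        self._next_ticket[serial] = ticket
        return ticket

    def connect(self, serial, ticket):
        """Return a fresh ticket if `ticket` is the one last issued, else None."""
        expected = self._next_ticket.get(serial)
        if expected is None or not hmac.compare_digest(expected, ticket):
            return None                    # unknown serial, replay, or a clone
        fresh = secrets.token_hex(16)
        self._next_ticket[serial] = fresh  # the old ticket is now useless
        return fresh

def demo():
    server = TicketServer()
    serial = "SERIAL-PLACEHOLDER"          # constructed, not a real serial number
    t0 = server.enrol(serial)
    t1 = server.connect(serial, t0)        # genuine box: accepted, receives t1
    replay = server.connect(serial, t0)    # recorded earlier ticket: rejected
    t2 = server.connect(serial, t1)        # genuine box carries on with t1
    clone = server.connect(serial, t1)     # second box sharing the serial: rejected
    return t1 is not None, replay is None, t2 is not None, clone is None

if __name__ == "__main__":
    print(demo())
```

If a copy of the current ticket is used before the genuine box connects, the genuine box is the one refused, so a rejected ticket for a known serial number is the event worth logging on the server side.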



## iankb (Oct 9, 2000)

ColinYounger said:


> Looking at the slice names again, I can see that I was hasty:
> 
> C-bsky55-d1-e13646-r13634-v311
> 
> My first glance made me think the last portions were some kind of key, but looking again I think that the letters are abbreviations.


Public keys would be numbers with several hundred digits so, if they did use them, they would probably be in the 364 bytes transferred on port 80 at the start of the session. I suspect that TiVo don't share my natural paranoia, and I am probably overcomplicating their protocol.


----------



## yungee (Dec 29, 2002)

cwaring said:


> I don't think TW ever used proxy servers; only NTL.


They did in South London. I needed to edit the file to have the "put conn" line in about 3 years ago.


----------



## TCM2007 (Dec 25, 2006)

The numbers after the r and e look like dates in TiVo internal format to me.


----------



## kathekas (Jul 8, 2004)

WOW

It's amazing the knowledge of the people in this forum.

Can someone tell me where to find the Ohttp logs?

Thanks again everyone


----------



## cwaring (Feb 12, 2002)

The Backdoor mode can be entered using the remote by doing a "Browse By Name" for "B D 2 5" 

Note: 
1. Not including quote marks
2. There is one space between each character. 

then use this:

C-E-C Thumbs-Up - Will allow you to access the TiVo's log files on your TV screen. Page up and page down allow you to move through the log information and the right arrow allows you to move through the log files. Use the left arrow key to get back out to the normal TiVo menus.

There's a load more. See attached file.

If you have network access and TivoWeb, just check the LOG files


----------



## kathekas (Jul 8, 2004)

The Backdoor mode can be entered using the remote by doing a "Browse By Name" for "B D 2 5" 

"C-E-C Thumbs-Up"

I am sorry if I am being thick here, but how do you enter "B D 2 5" or "C-E-C"?

Thanks


----------



## ColinYounger (Aug 9, 2006)

OK - Press your TivoButton.

Down arrow to pick programmes to record. Press Select.

Press select (Search by title)

Press select (all programmes)

Now use this screen to enter B D 2 5. This screen - where you enter text - is often referred to as the 'ouiji board' (might not have spelled that correctly).

Press thumbs up. 

TiVo will now beep a load of times and 'Backdoors enabled!' will appear where you typed B D 2 5.

Press LiveTV to carry on. Backdoors are enabled until the TiVo reboots.

C-E-C is an abbreviation for pressing Clear then Enter then Clear.


----------

