This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

Log Entry for Attempted Connection to Sever NOT on my list..


Recommended Posts

We have some very restrictive firewall policies where I work. We block the default Mumble port in except to approved IPs. Anyway, we've observed attempted connections to: 64738

Address lookup

canonical name



This appears to resolve to some guy's cable modem.

It also appears to be a valid Murmur/Mumble server:


:~$ openssl s_client -showcerts -connect


depth=0 CN = Murmur Autogenerated Certificate v2

verify error:num=18:self signed certificate

verify return:1

depth=0 CN = Murmur Autogenerated Certificate v2

verify return:1


Certificate chain

0 s:/CN=Murmur Autogenerated Certificate v2

i:/CN=Murmur Autogenerated Certificate v2






















Server certificate

subject=/CN=Murmur Autogenerated Certificate v2

issuer=/CN=Murmur Autogenerated Certificate v2


No client certificate CA names sent


SSL handshake has read 1178 bytes and written 633 bytes


New, TLSv1/SSLv3, Cipher is AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE


Protocol : TLSv1

Cipher : AES256-SHA

Session-ID: D99E7D0D1010F01835F927BC72CDA9144C1235A0929A9F9D9BA935B8D199AF48


Master-Key: BF57F8696A3D0A05E65B8623B5461C2D78FC9B4323F71DCE8253608DEBE18B1BA49D59FD2601ABB23C85E68AA7CB16AC

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 7200 (seconds)

TLS session ticket:

0000 - 09 52 f9 a3 54 f5 34 9f-20 d6 ee 19 50 d3 90 2f .R..T.4. ...P../

0010 - 7a 1e 85 ee b0 5c 23 91-0b d5 1e d2 8a b0 87 48 z....\#........H

0020 - 09 d6 b0 4f 88 5b 34 bc-d6 4e bc 7b fd d4 73 5c ...O.[4..N.{..s\

0030 - 64 d7 90 1f b5 0e d6 44-ad f5 f3 b1 37 35 3a ec d......D....75:.

0040 - 31 0b 91 88 5c 68 03 bc-f0 60 9e 9a 26 4a 2b 86 1...\h...`..&J+.

0050 - cd 05 2a 10 e1 52 1c bd-99 7f 6a f9 52 a1 c2 bc ..*..R....j.R...

0060 - ce d4 b1 85 d7 41 6a 69-84 48 61 00 bb fd 20 49 .....Aji.Ha... I

0070 - 1d be c0 8f e6 ab 3c 87-a8 51 ac 91 dc d4 5b 70 ......<..Q....[p

0080 - 2e 25 cf 95 cb ba f3 9c-39 22 01 d4 3c 2d 70 99 .%......9"..<-p.

0090 - 44 83 3b 78 9e ed f5 bb-a8 3c cd 53 c5 47 74 cf D.;x.....<.S.Gt.

Start Time: 1460664467

Timeout : 300 (sec)

Verify return code: 18 (self signed certificate)


This seems to be the only automatic connection attempt from the Windows client software (outside of our own servers). Is this by design? If so, why? (BTW, I searched source code from github and did not find reference to this server. I did use pre-compiled binaries though and wonder if something else is stuffed in there.)

This was observed with the most stable Win client code. (I realize this is the snapshots thread, but I'm not sure where else to post this.)


P.S. By the way, I'm new here and this is hands-down the best audio VOIP software I've ever used. Thanks so much for your hard work! :D

Link to comment
Share on other sites

  • 1 month later...
  • Administrators

That's none of ours. I am not quite sure I understand under what conditions this was seen but the public server list or a custom favourite would seem like obvious culprits that could trigger such an alert.

The name lookup could be a favourite or public server. Though for the public servers you should see much more than those depending on the locale you are in.

If you open Mumble for the first time or don't have any custom servers added the default setting for it is to retrieve the public server list from one of our hosts (* or * It then uses your locale to decide which country to display to you and expands the list in the connection dialog. To be able to display ping and populations on the servers the dialog displays we perform a name-lookup and send UDP ping (not an ICMP ping) packets to the mumble port (mostly 64738) of the hosts.

If you have one or more favorite servers the public list won't be retrieved. Unless you expand it all you should see is Mumble resolving and pinging your favourites.

In cooperate settings where you don't want to display the publist in the first place you can completely hide the point from the connection dialog by setting "disablepubliclist" to "true" in HKEY_CURRENT_USER\Software\Mumble\Mumble\ui .

Hope that helps

Link to comment
Share on other sites


  • Create New...