This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Constant UDP Traffic

0

1/3 of my captured packets are UDP packets from the same IP in my network. Always 72 length and the info is always "Source Port: 58869 Destination port: 8009". The UDP stream consists of

"Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154|2Big-D-PC|11112|172.16.12.154" 
for the entire conversation. I cringe at the name yes, but what traffic is it? It doesn't seem to end.

I might add the source is a computer name I guess "AsusXxx_e8:3e ... " and it's IPv4. Thanks for your help :)

asked 26 Jan '14, 05:46

J4D0

edited 26 Jan '14, 05:59


One Answer:

1

The normal way to determine what kind of traffic that is would be to go to that PC and check the process list to find the application using that source port (or destination port, depending on who is who), by using the "netstat" command line tool or a GUI tool like TCPView. If you can't access the PC (e.g. because it is not yours) you can only guess.

answered 26 Jan '14, 05:59

Jasper ♦♦

I can't easily access the PC :s What would be a likely guess? I think it is suspicious that the traffic is always and every day the same... I ran an nmap scan, too, if it would help the cause...

(26 Jan '14, 06:03) J4D0

What is the target IP of those packets? Can you find out anything about that? I doubt nmap is going to help here, unless that UDP application reacts to a UDP port scan with a banner.

(26 Jan '14, 06:17) Jasper ♦♦

target is 255.255.255.255 :/ and no it doesn't.

(26 Jan '14, 06:35) J4D0

So the target is the broadcast address. Which means that the source PC is just telling everyone on the network its address and host name, I guess. I wouldn't worry about it, it's probably some kind of name resolution protocol.

(26 Jan '14, 06:45) Jasper ♦♦
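
Added example, not part of the original thread: when the sending PC cannot be inspected, the payload itself can still be checked. This sketch splits a followed UDP stream like the one in the question into records, tests whether one record per datagram accounts for the 72-byte frame length, and compares the address inside the payload with the packet's source address. The field names, the header sizes (Ethernet II, IPv4 without options, UDP) and the source address passed in are assumptions.

```python
import ipaddress
import re

# Assumed encapsulation: Ethernet II + IPv4 without options + UDP.
HEADERS = 14 + 20 + 8

# Field names are guesses; the thread never identifies the protocol.
RECORD = re.compile(
    r"(?P<host>[^|]+)\|(?P<number>\d+)\|"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\|(?P<flag>\d)"
)

# Constructed sample: the record quoted in the question, repeated, ending
# with a cut-off record the way the quoted stream does.
ONE = "Big-D-PC|11112|172.16.12.154|2"
SAMPLE_STREAM = ONE * 3 + "Big-D-PC|11112|172.16.12.154"


def split_records(stream):
    """Return (records, leftover): complete records and the unparsed tail."""
    records, end = [], 0
    for match in RECORD.finditer(stream):
        records.append(dict(match.groupdict(), raw=match.group(0)))
        end = match.end()
    return records, stream[end:]


def review(stream, src_ip, frame_len):
    """Summarise what the payload says about its sender."""
    records, leftover = split_records(stream)
    distinct = {r["raw"] for r in records}
    source = ipaddress.ip_address(src_ip)
    return {
        "records": len(records),
        "distinct_records": len(distinct),
        "leftover": leftover,
        # True when each datagram carries exactly one record.
        "one_record_per_frame": all(
            HEADERS + len(raw.encode("ascii")) == frame_len for raw in distinct
        ),
        # False would mean a host announcing an address that is not its own.
        "payload_ip_matches_source": all(
            ipaddress.ip_address(r["ip"]) == source for r in records
        ),
    }


if __name__ == "__main__":
    # src_ip is an assumption: substitute the Source column from the capture.
    for key, value in review(SAMPLE_STREAM, "172.16.12.154", 72).items():
        print(f"{key}: {value}")
```

A single distinct record that fits the frame length and names the sender's own address is consistent with a periodic self-announcement; it does not identify the application, which still requires checking the process that owns the source port on that PC.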