Ask Your Question
0

Why is my computer sending hundreds of SSDP packets to the same IP?

asked 2019-08-02 18:10:39 +0000

Retsek gravatar image

updated 2019-08-02 18:46:05 +0000

When I start capture on WireShark, my display is instantly filled with hundreds of SSDP packets being sent from my local IP address to the same IP, 239.255.255.250. Even when I have nothing else open on my computer other than WireShark. Is this normal? I've Googled it and there are lots of other people saying similar things but they always have slight differences and then the differences tend to be the focus of the subsequent discussion.

Is this normal activity? What's it doing? Why's it doing it?

Almost every packet has the info, NOTIFY * HTTP/1.1, except a few that are M-SEARCH * HTTP/1.1

Why does my computer feel the need to repeatedly notify this other server?

On further inspection it says the source is Shenzhen in China?? And does "20:32:33:c9:42:56" mean anything?

I am sending out over 10 SSDP packets per second even when my computer is not doing anything other than simply being connected to the wifi

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by » oldest newest most voted
0

answered 2019-08-02 20:49:25 +0000

Guy Harris gravatar image

And does "20:32:33:c9:42:56" mean anything?

It means "Shenzhen Bilian Electronic Co.,Ltd", if you type the first 3 octets of that address (the "OUI") into the Wireshark OUI lookup tool.

Shenzhen Bilian Electronic Co.,Ltd "is a professional network communication equipment research and development, production and sales, and is committed to the Internet of Things, Internet, smart home, smart community, smart city network hardware, software and services, carrying industry 4.0 wireless mobile communications High-tech communication company for network terminal products and module development.".

There's probably something on your network that they made; perhaps it's spewing out lots of SSDP packets because it has the usual high quality-with-a-capital-KW networking firmware/software found on embedded devices.

edit flag offensive delete link more

Comments

Thank-you for your reply! Do you know a way I could stop my computer from sending these SSPD packets? If it messes everything up I'll revert the change but if it doesn't I'd rather not being sending them.

Retsek gravatar imageRetsek ( 2019-08-02 21:31:57 +0000 )edit
add a comment
0

answered 2019-08-02 18:42:51 +0000

Jaap gravatar image

See this SSDP page. It's the basis for Plug-and-Play.

edit flag offensive delete link more

Comments

The protocol itself seems benign but the shear volume of packets is worrying, and the fact they have something to do with an address in China? Is this normal? My computer is sending out over 10 SSDP packets per second!

Retsek gravatar imageRetsek ( 2019-08-02 18:45:35 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-08-02 18:10:39 +0000

Seen: 5,836 times

Last updated: Aug 02 '19

Related questions

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

http request and response clarification!

How to plot HTTP requests/sec graph?

why protocol is not showing as HTTP even though we sent http request ?

How can I get https to show in Wireshark?

Cause Of Server Hello Delay

Development of OSCORE dissector

How to view packets sent out of ip

No HTTP protocols in scan results

name changes of gateway-router

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2