When I start capture on Wireshark, my display is instantly filled with hundreds of SSDP packets being sent from my local IP address to the same IP, even when I have nothing else open on my computer other than Wireshark. Is this normal? I've Googled it and there are lots of other people saying similar things but they always have slight differences and then the differences tend to be the focus of the subsequent discussion.

Is this normal activity? What's it doing? Why's it doing it?

Almost every packet has the info, NOTIFY * HTTP/1.1, except a few that are M-SEARCH * HTTP/1.1

Why does my computer feel the need to repeatedly notify this other server?

On further inspection it says the source is Shenzhen in China?? And does "20:32:33:c9:42:56" mean anything?

I am sending out over 10 SSDP packets per second even when my computer is not doing anything other than simply being connected to the wifi.

And does "20:32:33:c9:42:56" mean anything?

It means "Shenzhen Bilian Electronic Co.,Ltd", if you type the first 3 octets of that address (the "OUI") into the Wireshark OUI lookup tool.

Shenzhen Bilian Electronic Co.,Ltd "is a professional network communication equipment research and development, production and sales, and is committed to the Internet of Things, Internet, smart home, smart community, smart city network hardware, software and services, carrying industry 4.0 wireless mobile communications High-tech communication company for network terminal products and module development.".

There's probably something on your network that they made; perhaps it's spewing out lots of SSDP packets because it has the usual high quality-with-a-capital-KW networking firmware/software found on embedded devices.

Thank you for your reply! Do you know a way I could stop my computer from sending these SSDP packets? If it messes everything up I'll revert the change but if it doesn't I'd rather not be sending them.

Retsek (2019-08-02 21:31:57 +0000)

See this SSDP page. It's the basis for Plug-and-Play.

The protocol itself seems benign but the sheer volume of packets is worrying, and the fact they have something to do with an address in China? Is this normal? My computer is sending out over 10 SSDP packets per second!

Retsek (2019-08-02 18:45:35 +0000)
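An added example, not part of the original thread: a Python sketch that groups SSDP messages by source MAC address and reports each source's OUI, its NOTIFY/M-SEARCH counts, its packet rate, and the SERVER and NT/ST headers that say what is doing the advertising. The sample packets, the SERVER string and the second MAC address are constructed; only 20:32:33:c9:42:56 comes from the question.

```python
from collections import Counter, defaultdict

def parse_ssdp(payload: bytes):
    """Return (method, headers) for an SSDP request, or None if it is not one."""
    text = payload.decode("ascii", errors="replace")
    start, _, rest = text.partition("\r\n")
    parts = start.split(" ")
    if len(parts) != 3 or parts[0] not in ("NOTIFY", "M-SEARCH") or parts[1] != "*":
        return None
    headers = {}
    for line in rest.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:  # skip blank and malformed lines
            headers[name.strip().upper()] = value.strip()
    return parts[0], headers

def oui(mac: str) -> str:
    return mac.upper().replace("-", ":")[:8]  # first three octets = vendor prefix

def summarize(packets):
    """Group (time_s, src_mac, udp_payload) tuples by source MAC address."""
    out = defaultdict(lambda: {"methods": Counter(), "servers": set(), "types": set(), "times": []})
    for ts, mac, payload in packets:
        parsed = parse_ssdp(payload)
        if parsed is None:  # not an SSDP NOTIFY or M-SEARCH
            continue
        method, h = parsed
        s = out[mac.lower()]
        s["methods"][method] += 1
        s["times"].append(ts)
        if "SERVER" in h:
            s["servers"].add(h["SERVER"])
        kind = h.get("NT") or h.get("ST")  # what is announced / searched for
        if kind:
            s["types"].add(kind)
    for s in out.values():
        span = max(s["times"]) - min(s["times"])
        s["rate"] = len(s["times"]) / span if span > 0 else None  # packets per second
    return dict(out)

# Constructed sample packets (not from the original capture); only the first MAC is from the page.
ALIVE = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNT: upnp:rootdevice\r\n"
         b"NTS: ssdp:alive\r\nSERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n\r\n")
SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b'MAN: "ssdp:discover"\r\nMX: 3\r\nST: ssdp:all\r\n\r\n')
SAMPLE = [(i * 0.1, "20:32:33:c9:42:56", ALIVE) for i in range(20)] + [
    (0.5, "20:32:33:C9:42:56", SEARCH), (1.0, "02:00:00:00:00:01", b"GET / HTTP/1.1\r\n\r\n")]
if __name__ == "__main__":
    for mac, s in summarize(SAMPLE).items():
        print(oui(mac), dict(s["methods"]), f"{s['rate']:.1f}/s", s["servers"], s["types"])
```

The SERVER and NT values usually name the software or device class that is announcing itself, which helps tie a chatty MAC address to a specific program or device before deciding whether to disable it.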

