First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Why is my computer sending hundreds of SSDP packets to the same IP?

When I start capture on WireShark, my display is instantly filled with hundreds of SSDP packets being sent from my local IP address to the same IP, 239.255.255.250. Even when I have nothing else open on my computer other than WireShark. Is this normal? I've Googled it and there are lots of other people saying similar things but they always have slight differences and then the differences tend to be the focus of the subsequent discussion.

Is this normal activity? What's it doing? Why's it doing it?

Almost every packet has the info, NOTIFY * HTTP/1.1, except a few that are M-SEARCH * HTTP/1.1

Why does my computer feel the need to repeatedly notify this other server?

On further inspection it says the source is Shenzhen in China?? And does "20:32:33:c9:42:56" mean anything?

I am sending out over 10 SSDP packets per second even when my computer is not doing anything other than simply being connected to the wifi

Retsek's avatar
1
Retsek
asked 2019-08-02 18:10:39 +0000, updated 2019-08-02 18:46:05 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

0

See this SSDP page. It's the basis for Plug-and-Play.

Jaap's avatar
13.7k
Jaap
answered 2019-08-02 18:42:51 +0000
edit flag offensive 0 remove flag delete link
more

Comments

The protocol itself seems benign but the shear volume of packets is worrying, and the fact they have something to do with an address in China? Is this normal? My computer is sending out over 10 SSDP packets per second!

Retsek's avatar Retsek (2019-08-02 18:45:35 +0000) edit
more
  • delete
add a comment see more comments
0

And does "20:32:33:c9:42:56" mean anything?

It means "Shenzhen Bilian Electronic Co.,Ltd", if you type the first 3 octets of that address (the "OUI") into the Wireshark OUI lookup tool.

Shenzhen Bilian Electronic Co.,Ltd "is a professional network communication equipment research and development, production and sales, and is committed to the Internet of Things, Internet, smart home, smart community, smart city network hardware, software and services, carrying industry 4.0 wireless mobile communications High-tech communication company for network terminal products and module development.".

There's probably something on your network that they made; perhaps it's spewing out lots of SSDP packets because it has the usual high quality-with-a-capital-KW networking firmware/software found on embedded devices.

Guy Harris's avatar
19.9k
Guy Harris
answered 2019-08-02 20:49:25 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank-you for your reply! Do you know a way I could stop my computer from sending these SSPD packets? If it messes everything up I'll revert the change but if it doesn't I'd rather not being sending them.

Retsek's avatar Retsek (2019-08-02 21:31:57 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer