You are not logged in.

#1 2019-05-04 13:08:29

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 7

Outbound broadcasts to UDP port 1900, what is generating them?

In an effort to analyse traffic more often, and just learn more, I'd like to reduce the amount of unnecessary traffic on my network - so it reduces the "noise" when I'm examining something.

On an Arch system with multiple interfaces it's sending out frequent requests to UDP port 1900, to IP 239.255.255.250, on all interfaces.

This is SSDP / UPnP related, and I've avahi installed but I'm not running avahi-daemon.  So this is related to something like Samba or gvfs-smb or smbnetfs or similar, but how I do figure out which? I don't see a way to track this using fuser or lsof... what option am I missing?

Thank you.

Offline

#2 2019-05-04 13:28:09

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 332
Website

Re: Outbound broadcasts to UDP port 1900, what is generating them?

What does ss tell you?

Offline

#3 2019-05-04 22:25:58

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 7

Re: Outbound broadcasts to UDP port 1900, what is generating them?

schard wrote:

What does ss tell you?

Nothing - as far as I can tell.  "ss" doesn't reveal anything, and grepping the output for "1900" or "ssdp" or "upnp" didn't show anything either.

The same goes for "lsof -i UDP:<src port>"

However, from reading the traffic with tshark the interesting part that stands out is this:

Simple Service Discovery Protocol
    M-SEARCH * HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n]
            [M-SEARCH * HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: M-SEARCH
        Request URI: *
        Request Version: HTTP/1.1
    HOST: 239.255.255.250:1900\r\n
    MAN: "ssdp:discover"\r\n
    MX: 1\r\n
    ST: urn:dial-multiscreen-org:service:dial:1\r\n
    USER-AGENT: Chromium/74.0.3729.131 Linux\r\n

    \r\n
    [Full request URI: http://239.255.255.250:1900*]
    [HTTP request 4/4]
    [Prev request in frame: 7]

From a quick read of http://www.dial-multiscreen.org/ it looks like this is Chromium seeing if there's any devices on the LAN it can display to.... when I've finally worked through my open tabs I'll close down chromium and see if these packets are still there...

Offline

#4 2019-05-05 01:03:16

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,652
Website

Re: Outbound broadcasts to UDP port 1900, what is generating them?

Probably relevant: https://bugs.chromium.org/p/chromium/is … ?id=665572 and http://walkersam.blogspot.com/2018/05/d … oogle.html

To disable the media router feature, launch Chrome and enter chrome://flags/

Search for “media router” and disable the feature.

Offline

#5 2019-05-11 17:37:02

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 7

Re: Outbound broadcasts to UDP port 1900, what is generating them?

Thank you very much for posting these, that certainly looks like the solution. While I'm still working through my open tabs ( I know a relaunch *should* bring them back, but still... ) I'll restart and check this works, but it certainly looks like the solution.

Offline

#6 2019-05-15 03:59:26

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,652
Website

Re: Outbound broadcasts to UDP port 1900, what is generating them?

Don't forget to edit your first post and mark as solved if you've managed to stop the packets smile

Offline

Board footer

Powered by FluxBB