You are not logged in.

#1 2019-05-04 13:08:29

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 11

[SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

In an effort to analyse traffic more often, and just learn more, I'd like to reduce the amount of unnecessary traffic on my network - so it reduces the "noise" when I'm examining something.

On an Arch system with multiple interfaces it's sending out frequent requests to UDP port 1900, to IP 239.255.255.250, on all interfaces.

This is SSDP / UPnP related, and I've avahi installed but I'm not running avahi-daemon.  So this is related to something like Samba or gvfs-smb or smbnetfs or similar, but how I do figure out which? I don't see a way to track this using fuser or lsof... what option am I missing?

Thank you.

Last edited by UnwillingFirehose (2019-05-25 16:04:48)

Offline

#2 2019-05-04 13:28:09

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 407
Website

Re: [SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

What does ss tell you?

Offline

#3 2019-05-04 22:25:58

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 11

Re: [SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

schard wrote:

What does ss tell you?

Nothing - as far as I can tell.  "ss" doesn't reveal anything, and grepping the output for "1900" or "ssdp" or "upnp" didn't show anything either.

The same goes for "lsof -i UDP:<src port>"

However, from reading the traffic with tshark the interesting part that stands out is this:

Simple Service Discovery Protocol
    M-SEARCH * HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): M-SEARCH * HTTP/1.1\r\n]
            [M-SEARCH * HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: M-SEARCH
        Request URI: *
        Request Version: HTTP/1.1
    HOST: 239.255.255.250:1900\r\n
    MAN: "ssdp:discover"\r\n
    MX: 1\r\n
    ST: urn:dial-multiscreen-org:service:dial:1\r\n
    USER-AGENT: Chromium/74.0.3729.131 Linux\r\n

    \r\n
    [Full request URI: http://239.255.255.250:1900*]
    [HTTP request 4/4]
    [Prev request in frame: 7]

From a quick read of http://www.dial-multiscreen.org/ it looks like this is Chromium seeing if there's any devices on the LAN it can display to.... when I've finally worked through my open tabs I'll close down chromium and see if these packets are still there...

Offline

#4 2019-05-05 01:03:16

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,670
Website

Re: [SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

Probably relevant: https://bugs.chromium.org/p/chromium/is … ?id=665572 and http://walkersam.blogspot.com/2018/05/d … oogle.html

To disable the media router feature, launch Chrome and enter chrome://flags/

Search for “media router” and disable the feature.

Offline

#5 2019-05-11 17:37:02

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 11

Re: [SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

Thank you very much for posting these, that certainly looks like the solution. While I'm still working through my open tabs ( I know a relaunch *should* bring them back, but still... ) I'll restart and check this works, but it certainly looks like the solution.

Offline

#6 2019-05-15 03:59:26

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,670
Website

Re: [SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

Don't forget to edit your first post and mark as solved if you've managed to stop the packets smile

Offline

#7 2019-05-25 16:03:13

UnwillingFirehose
Member
From: UK
Registered: 2014-12-09
Posts: 11

Re: [SOLVED]Outbound broadcasts to UDP port 1900, what is generating them?

fukawi2 wrote:

Don't forget to edit your first post and mark as solved if you've managed to stop the packets smile

That's an excellent point, thank you for the reminder.

For those of you reading this in the future - I'm pretty sure I did the following:

* Went to chrome://flags/
* Disabled "Load Media Router Component Extension"
* Disabled "Connect to Cast devices on all IP addresses"

And then, as far as I remember, it just worked. I didn't have restart chromium. I'm about 94 tabs away from being able to do that right now... ( I know they should all come back, but still... )

Offline

Board footer

Powered by FluxBB