This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need help in learning the output generated by Wireshark

0

14 20.198934 192.168.0.1 239.255.255.250 SSDP NOTIFY * HTTP/1.1

What does the above line mean, mainly the destination broadcast IP? Why is it broadcasting to IANA?

Thanks in advance

Victor

asked 20 Apr '11, 11:52


victor43


One Answer:

1

239.255.255.250 is a multicast address (not a broadcast; that would be 255.255.255.255) reserved for Simple Service Discovery Protocol (SSDP). So nothing fancy, just the station with IP 192.168.0.1 looking for services offered by other nodes.

For more information about SSDP, you might want to take a look at Wikipedia, for example.

answered 20 Apr '11, 11:58


Jasper ♦♦

edited 20 Apr '11, 12:36

Thanks for the reply.

I just noticed that the packet is originating from my router's IP address and not my machine. Sorry for the confusion, but why does it need to broadcast so often? I can see many of these packets, with a small number of bytes, being sent out. What kind of services is it looking for, by the way? Can you give any links to resources that might provide any information?

Best Regards

Victor

(20 Apr '11, 12:21) victor43

I added a link for you in my original answer.

(20 Apr '11, 12:37) Jasper ♦♦

Many thanks for the link.

I did have one more question. How do you filter out certain packets, like the SSDP protocol one above? In other words, I don't want them to appear in the displayed output to the user. I could not find the protocol SSDP under Enabled Protocols under the Analyze menu item.

Victor

(20 Apr '11, 13:04) victor43

I was able to resolve the issue by just googling the answer. If anyone wants to know, you can simply disable the multicast protocol from your router's interface for UPnP.

(20 Apr '11, 13:17) victor43
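
As an added example (not part of the original thread and not Wireshark code): a Python sketch that classifies a capture's destination address along the multicast/broadcast distinction made in the answer, and parses an SSDP request payload to show which service type it carries. The sample payload, its port, URL and UUID, and the function names are constructed for illustration.

```python
import ipaddress

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")       # destination in the capture line
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample payload (not taken from the capture in the question).
SAMPLE_NOTIFY = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.0.1:49152/rootDesc.xml\r\n"
    b"NT: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"NTS: ssdp:alive\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000\r\n"
    b"\r\n"
)

def classify_destination(addr):
    """Label an IPv4 destination as SSDP group, broadcast, multicast or unicast."""
    ip = ipaddress.ip_address(addr)
    if ip == SSDP_GROUP:
        return "ssdp-multicast"
    if ip == LIMITED_BROADCAST:
        return "limited-broadcast"
    if ip.is_multicast:                  # any other address in 224.0.0.0/4
        return "multicast"
    return "unicast"

def parse_ssdp(payload):
    """Parse an SSDP request (HTTP-style text over UDP) into method and headers."""
    text = payload.decode("ascii", errors="replace")
    lines = text.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an SSDP request start line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return {"method": parts[0], "headers": headers}

if __name__ == "__main__":
    msg = parse_ssdp(SAMPLE_NOTIFY)
    print(classify_destination("239.255.255.250"), msg["method"],
          msg["headers"].get("NT"), msg["headers"].get("NTS"))
```

The `NT` and `LOCATION` headers are the fields to read when inventorying which devices on a segment are announcing UPnP services.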