This is our old Q&A Site. Please post any new questions and answers at

Hi all,

I use a VPN so a lot of what Wireshark shows me on my network is encrypted.

I'm a total n00b to network analysis and Wireshark but was hoping someone could explain what's happening with SSDP Packets?

The SSDP packets are not encrypted (I can clearly read the text contained in the packet along the right-hand side of the 'Packet Bytes' window). They mention my Router's MAC address and another MAC address of unknown origin.

Since the packets aren't encrypted and this communication is occurring with a MAC not on my network, should I be suspicious? Does this represent remote Router Configuration access (i.e. hacking or remote manipulation)?

Essentially, what's the explanation for this? Can I disable this functionality without compromising internet useability?

Thanks a ton for all this help! I'll start helping others as soon as I'm up-to-speed with the program!

asked 03 Dec '16, 08:22

Arianax's gravatar image

accept rate: 0%

edited 03 Dec '16, 08:23

There is a description of SSDP on the Wireshark wiki:

That "other unknown MAC address" is likely the multicast address (see also the picture linked above). If your host is part of a multicast group, then it will receive this traffic.

SSDP is normally used for device discovery in the network (think of media devices to which you can stream data). If you do not need this functionality (I do not), then you could just disable it without any bad side-effects.

permanent link

answered 03 Dec '16, 14:09

Lekensteyn's gravatar image

accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 03 Dec '16, 08:22

question was seen: 4,240 times

last updated: 27 Mar '17, 12:55

p​o​w​e​r​e​d by O​S​Q​A