Re: Troubleshooting slow network

[Martin Visser <martinvisser99 () gmail com>]

Multicast on UDP port 1900 will be SSDP or now known as UPnP, Universal
Plug and Play. This is just a control protocol used to discover services on
the network. The traffic you see might be PC or the like advertising they
have Audio/Video available, or your router advertising that a PC can use it
to open up it's firewall (for games/bittorent etc).

As it is really just a control protocol, not for sending actual data
payloads, 15K packets/sec seems very high. Are you sure this is correct.
You can identify the source from the source address - which will be unique
on your network - or probably in the packets themselves. (You might need to
set UDP port 1900 to be decoded as SSDP).

When you say the network is "slow" you need to be more specific. Is this
only to/from the Internet or also LAN to LAN?

Also don't forget that when you do a Wireshark capture on just a regular
switch port - you will ONLY see your own traffic and multicast/broadcast
traffic. Hence you might not be seeing the greater proportion of traffic in
your network. To this you need to enable port-mirroring on your switch and
use Wireshark in promiscuous mode.

Regards, Martin

MartinVisser99 () gmail com


On 1 December 2012 04:43, Cheikhou Dramé <dramecheikhou () gmail com> wrote:

> port 1900
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe