Wireshark mailing list archives

Re: Wireshark, Ubuntu, and mystery UDP packets

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sat, 4 Jun 2016 12:24:07 +0200

Hi,

This has little to do with Wireshark, or VB for that matter (nice crosspost),
but with screen replication. There is some display sharing service running which
seems to multicast your screen onto the network.

Thanks,
Jaap


On 04-06-16 03:51, Stéphane Charette wrote:

When I start Wireshark, all is fine.  But when I start capturing, this creates a
steady stream of UDP packets.  As soon as I stop the capture, the stream stops. 
I've never noticed this before.

The UDP stream is one directional, going to multicast address 232.9.3.115, port
6288.  Each packet is 1328 or 1332 bytes of binary payload.  The packets are
sent at a steady rate of 5.3Mbps.  The following options are *disabled* in
wireshark:

  * resolve mac address
  * resolve network names
  * resolve transport names
  * promiscuous mode


This is my normal local desktop, running 16.04, kernel 4.4.0.22-generic.  Local,
not a remote desktop.  Wireshark is installed from the normal Ubuntu repo:

dpkg -l | egrep "wireshark|pcap" | grep -v "rc  "

ii  libpcap0.8:amd64       1.7.4-2             amd64    system interface for
user-level packet capture
ii  libwireshark-data      2.0.2+ga16e22e-1    all      network packet
dissection library -- data files
ii  libwireshark6:amd64    2.0.2+ga16e22e-1    amd64    network packet
dissection library -- shared library
ii  wireshark              2.0.2+ga16e22e-1    amd64    network traffic analyzer
- meta-package
ii  wireshark-common       2.0.2+ga16e22e-1    amd64    network traffic analyzer
- common files
ii  wireshark-qt           2.0.2+ga16e22e-1    amd64    network traffic analyzer
- Qt version

I'm at a complete loss as to why starting a packet capture on my local desktop
is causing this mystery stream of UDP packets.  I'm hoping someone can tell me
either why, how to stop this, or can confirm the same strange behaviour.

Stéphane


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Wireshark, Ubuntu, and mystery UDP packets Stéphane Charette (Jun 03)
- Re: Wireshark, Ubuntu, and mystery UDP packets Jaap Keuter (Jun 04)
  - Re: Wireshark, Ubuntu, and mystery UDP packets Stéphane Charette (Jun 04)
- Re: Wireshark, Ubuntu, and mystery UDP packets netztier () bluewin ch (Jun 08)