Network flooded with M-SEARCH packets: what does it mean? [closed]
These are UPnP discovery packets. Their purpose is to discover UPnP devices like home routers or media servers. For example, Windows Live Messenger tries to discover the home router behind which it is connected in order to redirect some network ports automatically.
The rate is unusual, though. It is normal to receive a lot of these packets on a large Ethernet network because they are usually sent to the broadcast address, but receiving 18-20 per second from a single computer is abnormal.
Just in case someone else see the same packets. Yes, these are UPnP discovery packets searching for an IP router. If UPnP is enabled in your router, the software that wants to find it can add port mappings, delete port mappings, get the external ip address (the router Ip), etc.
Basically, most of the times, the code searching for a WANIPConnection or WANIPPPConnection Service Type (ST: WANIPConnection/WANIPPPConnection) wants to achieve inbound connections. This is common for P2P applications and all kind of applications that requires inbound connection. Also viruses and netbots do the same.
A NATed computer requires port forwarding to be reacheable and that only can be done from inside.