Network flooded with M-SEARCH packets: what does it mean? [closed]

networking windows upnp

These are UPnP discovery packets. Their purpose is to discover UPnP devices like home routers or media servers. For example, Windows Live Messenger tries to discover the home router behind which it is connected in order to redirect some network ports automatically.

The rate is unusual, though. It is normal to receive a lot of these packets on a large Ethernet network because they are usually sent to the broadcast address, but receiving 18-20 per second from a single computer is abnormal.


Just in case someone else see the same packets. Yes, these are UPnP discovery packets searching for an IP router. If UPnP is enabled in your router, the software that wants to find it can add port mappings, delete port mappings, get the external ip address (the router Ip), etc.

Basically, most of the times, the code searching for a WANIPConnection or WANIPPPConnection Service Type (ST: WANIPConnection/WANIPPPConnection) wants to achieve inbound connections. This is common for P2P applications and all kind of applications that requires inbound connection. Also viruses and netbots do the same.

A NATed computer requires port forwarding to be reacheable and that only can be done from inside.

Related

strange output on ssh tunneling: output failed; connect failed: Connection timed out;
Aws vpc default route table in CloudFormation
Windows 10 Pro, RDP Server, "An internal error has occurred"
Find users connected to a network share
In SQL Server, how do I create a login for an existing user?
How does network sniffing software work over a switch?
Unable to resolve data corruption warning with fsck
Hostname to Localhost with Port - OSX [closed]
Why do I want to run Tomato firmware on my router? [closed]
Windows Powershell Vim Keybindings
How to duplicate MSSQL database on the same or another server?
Configure domain name in CentOS