One computer filling logs with UDP Broadcast Default deny block
-
I would be very interested in what the traffic is.. Can you figure out what process on your pc is sending it? That can be hard with UDP.. But I really would look to what is sending that traffic.. Maybe someone else can tell from that sniff. But I have been unable to figure out what it is.. its not bt-dht or something..
But someone with better wireshark fu than me might figure it out from your sniff.. Lets hope because I am now very curious ;)
There are few tools you can use on windows to try and figure out what is the process sending them - which can give us a clue to what it is.. But I can tell you I have never seen such traffic before…
-
I'd be glad to look into it more and report back, I just don't have a clue as to what I'm doing with Wireshark. I literally installed it this morning because I was curious about those logs.
-
wireshark is not going to be able to tell you what process is sending the traffic on windows. But seems you have more machine than 1 sending. Your sniff you attached shows its coming from 192.168.1.26, not .99
you could use something like https://technet.microsoft.com/en-us/sysinternals/tcpview.aspx
To try and catch what is sending the UDP. While is more geared to your tcp traffic, it can do udp as well.
https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
is another tool that could be used to track down what is creating udp traffic.
Since its sending from udp 889.. you could also see if its listening on that port. Say simple netstat -anb could show you the process if what is sending is also listening, etc.
-
Ok thanks I'll check that out and report back. It was both the same machine, different DHCP lease
-
yup same machine see the same mac in both.. that 28:f1:15 as the sender.
-
Thank you for links to those programs! I used process monitor and had it figured out right away! Great tools, very easy to use.
It was some bloatware software from the motherboard manufacturer.
ASRock XFast LAN by cFosSpeed Service
Uninstalled.
-
Have to look to what it was suppose to be doing sending data to a broadcast address..
Glad you got it sorted.. I recall cfosSpeed - its been around for many years as some form of optimization/shaping tool.. Been years and years since looked at it.. Now going to have to figure out for my own curiosity what it was doing sending very large packets with no real data in them out to a brodcast address..
There are lots of sysinternal tools that are very useful.. Too bad many of those features/functions are not just built right into the OS.. many of those tools should just come with the OS…
edit: So it was this
http://www.asrock.com/feature/XFast/XFastLAN/index.aspWhy and the F would it send out large packets to broacast??? Wonder if there is any whitepaper on it.
-
Asus is well known for producing completely idiotic "addons" to their MBs. I recall some crap called XFastUSB or something, just broke USB completely. Ugh.
-
Haha yeah, when I uninstalled it took me to their website and had a questionnaire with a long list of reasons why I uninstalled. They were all along the lines of because your program makes things worse not better.
-
I never install 3rd-party if I don't have to. If drivers have both an install and just the drivers, I got with just the drivers. Except my Razer, which I would like to find another mouse, but all mice require 3rd-party apps for their custom features.
