5353 on empty LAN
-
I have no devices on LAN, but I see traffic on the graph so I did a capture and found this:
14:46:56.033876 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 41
14:46:56.034270 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 120
14:46:56.034505 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 131
14:46:56.034999 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 125
Any reason why the FW is doing this?
Another empty VLAN has no traffic. More of a curiosity than a problem.
Thank you,
-
@andyrh Maybe that is the avahi package?
-
@mcury It is installed. Just odd it is only on 1 VLAN.
-
@andyrh I haven't used avahi in a long time..
Now I'm mapping my printers directly through the IP..
I don't like the idea of one VLAN seeing what is available in the other..
Not sure if everyone would agree with me on this, but as I see it, it could lead to vulnerability reconnaissance..
-
@mcury it's multicast DNS.
-
@nogbadthebad Yeap, mDNS..
Avahi can mirror mDNS from one VLAN to the other, and I don't like this behavior..
In home use, it's nice to have, you would be able to cast to a chromecast in another VLAN, printers auto discovery and things like that.
-
Not all of the interfaces were selected so it was re-broadcasting only on a few interfaces.
Thanks for the push in the right direction.
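-
Added example, not part of any post in this thread: a small Python parser for `tcpdump -n` output like the capture in the first post, which totals mDNS traffic per sender and marks senders that are the firewall's own interface addresses (the sign that a local service such as Avahi is originating or reflecting it). The function name and the assumption that 192.168.129.1 is the firewall's address on that VLAN are illustrative.

```python
import re
from collections import defaultdict

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)

# Capture lines quoted in the first post of this thread.
SAMPLE = """\
14:46:56.033876 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 41
14:46:56.034270 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 120
14:46:56.034505 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 131
14:46:56.034999 IP 192.168.129.1.5353 > 224.0.0.251.5353: UDP, length 125
"""


def summarize_mdns(capture_text, firewall_addrs):
    """Count mDNS packets and bytes per sender; mark the firewall's own addresses."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "from_firewall": False})
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 UDP line in the expected format
        if m["dst"] != MDNS_GROUP or int(m["dport"]) != MDNS_PORT:
            continue  # not addressed to the IPv4 mDNS group and port
        entry = stats[m["src"]]
        entry["packets"] += 1
        entry["bytes"] += int(m["len"])
        entry["from_firewall"] = m["src"] in firewall_addrs
    return dict(stats)


if __name__ == "__main__":
    # Assumption: 192.168.129.1 is the firewall's address on this VLAN.
    for src, s in summarize_mdns(SAMPLE, {"192.168.129.1"}).items():
        origin = "firewall itself" if s["from_firewall"] else "LAN host"
        print(f"{src}: {s['packets']} mDNS packets, {s['bytes']} bytes, origin: {origin}")
```

Running it per interface capture shows which VLANs the firewall is announcing or reflecting mDNS onto, which can be compared against the interfaces selected in the Avahi settings.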