© 2009 www.thetechfirm.com Examining How to start a Broadcast Analysis Part 2 HTTP Tony Fortunato, Sr Network Specialist The Technology Firm
Nov 18, 2014
© 2009 www.thetechfirm.com
Examining
How to start a Broadcast Analysis
Part 2HTTP
Tony Fortunato, Sr Network SpecialistThe Technology Firm
© 2009 www.thetechfirm.com
Why Bother
Broadcasts can cause;
Network slowdowns
Rebooting or Frozen PC’s
Unreliable WIFI
Unpredictable application or window client performance
Extra ‘space junk’ that you need to sift through when troubleshooting
© 2009 www.thetechfirm.com
Common Networks and Related Issues In this typical network I look for BROADCAST HTTP traffic. What the heck would that be for??? Good old SSDP/UPNP is the answer.
© 2009 www.thetechfirm.com
Sources of these Broadcasters
Almost anything can send out UPnP/SSDP broadcast packets Printers PC’s Internet cameras
© 2009 www.thetechfirm.com
So What??? On December 2001 Microsoft stated that Universal Plug And Play (UPnP) in
Windows XP posed a security threat to ALL XP users!!! The threat was so bad that Scott Culp, Manager of Microsoft's Security Response
Centre said, "Every Windows XP user needs to immediately take action" and it was a "Very serious vulnerability."
Microsoft has issued a security bulletin MS01-059 that explains the issue in more detail
© 2009 www.thetechfirm.com
Now what? How do I find it, since even non-microsoft devices can send these out?
Protocol Analyzer is the easiest tool to use to clean this up. Start a capture from a PC and set a Stop Capture Trigger at 1 MB with a capture file
of “udp port 1900” (without the double quotes) Lets review the trace file
© 2009 www.thetechfirm.com
What’s out there? Since our capture filter is only targeting UDP PORT 1900, go to Statistics->Endpoints
and select the IP tab.
Perfect, here’s our hit list of 12 devices to clean up
© 2009 www.thetechfirm.com
UPnP Device Cleanup Most devices I have come across have a UPnP/SSDP configuration screen
© 2009 www.thetechfirm.com
PC Cleanup With Windows XP, simply uncheck the UPnP user interface under
Add/Remove Windows Components. Networking Services In most cases, you can uncheck Internet Gateway Device Discovery…. as well
Or directly from the Services screen, or scripts, or Policies, you get the idea
© 2009 www.thetechfirm.com
Tony Fortunato, Sr Network SpecialistThe Technology Firm
Examining
How to start a Broadcast Analysis
Part 2HTTP
© 2009 www.thetechfirm.com
For additional educational videos on Open Source Network Tools, please click on the following …
http://www.lovemytool.com/blog/ostu.html
LoveMyTool.com – Community for Network Tools