Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Troubleshooting slow network

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Cheikhou Dramé <dramecheikhou@xxxxxxxxx>
Date: Sun, 02 Dec 2012 13:57:46 +0000
Le 02/12/2012 04:04, Martin Visser a écrit :
Multicast on UDP port 1900 will be SSDP or now known as UPnP, Universal Plug and Play. This is just a control protocol used to discover services on the network. The traffic you see might be PC or the like advertising they have Audio/Video available, or your router advertising that a PC can use it to open up it's firewall (for games/bittorent etc).

As it is really just a control protocol, not for sending actual data payloads, 15K packets/sec seems very high. Are you sure this is correct. You can identify the source from the source address - which will be unique on your network - or probably in the packets themselves. (You might need to set UDP port 1900 to be decoded as SSDP).

When you say the network is "slow" you need to be more specific. Is this only to/from the Internet or also LAN to LAN?

Also don't forget that when you do a Wireshark capture on just a regular switch port - you will ONLY see your own traffic and multicast/broadcast traffic. Hence you might not be seeing the greater proportion of traffic in your network. To this you need to enable port-mirroring on your switch and use Wireshark in promiscuous mode.

Regards, Martin

MartinVisser99@xxxxxxxxx


On 1 December 2012 04:43, Cheikhou Dramé <dramecheikhou@xxxxxxxxx> wrote:
port 1900


thanks for your reply. My switches can't do port-mirroring.As seen in the file i have join , you can see the traffic wich i'm talking about , the network is slow just from and to  the internet.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: Capture du 2012-11-30 11:00:33.png
Description: PNG image

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube