
Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 11:44 am
by Mapantz
rogerthn wrote: Fri 02 Dec 2022 8:05 am I did have intermittent disturbances on my LAN and the likely culprit was the PSU on one switch. When the switch finally gave up the 12V PSU voltage was less than 5V.
When you say switch, do you mean a network switch?

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 12:03 pm
by mcrossley
Thing is the broadcasts being received are not some random garbage, they are consistently the same, which says to me there is something deliberately transmitting them.

I'd fire up Wireshark to sniff the network and that should tell you the source IP address for the multi-casts.

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 12:31 pm
by Mapantz
I've installed Wireshark

I see this: 2134 318.519138 192.168.1.73 192.168.1.255 UDP 789 35189 → 22222 Len=747

That's the WLL.. so I need to look for a source using the same port number?

OK, added a filter

https://postimg.cc/DJsHp5yr

I think that's correct?

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 12:51 pm
by mcrossley
Yes, those are the broadcasts from the WLL, you need to leave a capture running and stop it after the rogue messages come in
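
Added example (not part of the thread and not any poster's code): once such a capture has been left running and saved, this Python sketch tallies who sent UDP datagrams to port 22222 and lists any sender other than the WLL. It assumes the capture was saved in classic pcap format with Ethernet framing; the WLL address and port come from the capture line quoted in the thread, while the sample capture and the 192.168.1.50 host are constructed for illustration.

```python
import struct
from collections import Counter

WLL_IP = "192.168.1.73"  # WLL source address from the capture line in the thread
WLL_PORT = 22222         # UDP destination port of the WLL broadcasts

def udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + addr(src) + addr(dst) + udp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def senders_to_port(pcap, port=WLL_PORT):
    """Count UDP datagrams sent to `port`, keyed by (source IP, payload length)."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    seen, off = Counter(), 24               # 24-byte global header
    while off + 16 <= len(pcap):            # 16-byte per-packet header
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                        # not IPv4 carrying UDP
        udp_at = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
        if len(frame) < udp_at + 8:
            continue                        # truncated UDP header
        _, dport, ulen = struct.unpack_from("!HHH", frame, udp_at)
        if dport == port:
            seen[(".".join(map(str, frame[26:30])), ulen - 8)] += 1
    return seen

def unexpected_senders(seen, expected=WLL_IP):
    """Source IPs other than the WLL that sent to the monitored port."""
    return sorted({ip for ip, _ in seen if ip != expected})

# Constructed sample capture; 192.168.1.50 is a hypothetical second sender.
SAMPLE = build_pcap([
    udp_frame(WLL_IP, "192.168.1.255", 35189, 22222, b"x" * 747),
    udp_frame("192.168.1.50", "192.168.1.255", 50000, 22222, b"y" * 120),
    udp_frame(WLL_IP, "192.168.1.255", 35189, 22222, b"x" * 747),
    udp_frame(WLL_IP, "192.168.1.255", 35189, 123, b"z" * 48),
])
```

For a real capture, pass the file's bytes (read in binary mode) to `senders_to_port` in place of `SAMPLE`. Grouping by payload length as well as source makes a second sender with a different message size stand out next to the WLL's regular broadcasts.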

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 5:34 pm
by rogerthn
Mapantz wrote: Fri 02 Dec 2022 11:44 am
rogerthn wrote: Fri 02 Dec 2022 8:05 am I did have intermittent disturbances on my LAN and the likely culprit was the PSU on one switch. When the switch finally gave up the 12V PSU voltage was less than 5V.
When you say switch, do you mean a network switch?
Yes, an old GS116E

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 6:10 pm
by Mapantz
mcrossley wrote: Fri 02 Dec 2022 12:51 pm Yes, those are the broadcasts from the WLL, you need to leave a capture running and stop it after the rogue messages come in
Found the IP address: https://postimg.cc/TpCf0Wg1

I'll have a look later to see what it is.

wtf - it's my PC

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 6:47 pm
by freddie
Bonjour service installed?

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 6:50 pm
by Mapantz
I have no idea what that is

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 6:56 pm
by freddie
If you install software like iTunes (amongst others) you also get the Bonjour service installed. It's a network discovery thing that does multicasting. If it's there then it will be in the services list in performance manager and via the control panel. Could be under another name, as it's not exclusive to Apple.

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 6:59 pm
by Mapantz
Nothing like that is installed - no services by that name.

Re: Invalid payload in message.

Posted: Fri 02 Dec 2022 7:49 pm
by freddie
I did say it could be another name. You've obviously got something installed that is multicasting.

Re: Invalid payload in message.

Posted: Sat 03 Dec 2022 10:41 am
by SamiS
If the rogue packets were TCP, you probably could find the process from an administrator command prompt by running netstat -b on the PC while it is sending. But since it's UDP, I'm not sure if it can be seen that way. One possible tool to use could be Process Monitor to find out which program is sending the packets.

If you are running CMX on another machine than the pc that is causing problems, you probably also could do a firewall rule that drops port 22222 packages that are coming from your pc.


Sami

Re: Invalid payload in message. ** Solved **

Posted: Sat 03 Dec 2022 1:42 pm
by Mapantz
Looks like I managed to find out what it was, albeit very strange..

It was indeed a printer app - HP print scan doctor. It says it was installed back in January, but it's not something I use, as I don't own a printer.

The weird thing is, the problem started on October 3rd. I wonder why it wasn't doing anything before that?

Anyway, deleted that and rebooted: Good / Bad Multicast Packets 100.00 % - (27160 / 0)

Thanks Mark for the suggestion of Wireshark. I will keep that as it will come in handy. :)

Re: Invalid payload in message. ** Solved **

Posted: Sun 04 Dec 2022 1:04 pm
by mcrossley
Mapantz wrote: Sat 03 Dec 2022 1:42 pm Thanks Mark for the suggestion of Wireshark. I will keep that as it will come in handy. :)
An essential one for the toolkit!

No more recurrences of this since removing that software?

I'll add a capture for that packet format and not let it affect the multicast stats. Unfortunately, because the messages are sent via connectionless UDP there is no way of testing/filtering their source IP address and only accept them from the WLL IP.

Re: Invalid payload in message. ** Solved **

Posted: Sun 04 Dec 2022 2:27 pm
by Mapantz
mcrossley wrote: Sun 04 Dec 2022 1:04 pm

An essential one for the toolkit!

No more recurrences of this since removing that software?

I'll add a capture for that packet format and not let it affect the multicast stats. Unfortunately, because the messages are sent via connectionless UDP there is no way of testing/filtering their source IP address and only accept them from the WLL IP.
None at all!

Good / Bad Multicast Packets	100.00 % - (62798 / 0)
Glad to have gotten that resolved. :)