© 2009 www.thetechfirm.com Examining How to start a Broadcast Analysis Part 2 HTTP Tony Fortunato, Sr Network Specialist The Technology Firm

OSTU: How to Start a Broadcast Analysis - Part Two (Tony Fortunato)

Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

Why Bother

Broadcasts can cause:

Network slowdowns

Rebooting or frozen PCs

Unreliable Wi-Fi

Unpredictable application or window client performance

Extra ‘space junk’ that you need to sift through when troubleshooting

Common Networks and Related Issues

In this typical network I look for BROADCAST HTTP traffic. What the heck would that be for??? Good old SSDP/UPnP is the answer.

Sources of these Broadcasters

Almost anything can send out UPnP/SSDP broadcast packets:

Printers

PCs

Internet cameras

So What???

In December 2001 Microsoft stated that Universal Plug and Play (UPnP) in Windows XP posed a security threat to ALL XP users!!!

The threat was so bad that Scott Culp, Manager of Microsoft's Security Response Centre, said, "Every Windows XP user needs to immediately take action" and it was a "Very serious vulnerability."

Microsoft has issued security bulletin MS01-059, which explains the issue in more detail.

Now what?

How do I find it, since even non-Microsoft devices can send these out?

A protocol analyzer is the easiest tool to use to clean this up.

Start a capture from a PC and set a Stop Capture Trigger at 1 MB with a capture filter of “udp port 1900” (without the double quotes).

Let’s review the trace file.

What’s out there?

Since our capture filter is only targeting UDP port 1900, go to Statistics->Endpoints and select the IP tab.

Perfect, here’s our hit list of 12 devices to clean up.
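The same hit list can be built from the payloads themselves, since SSDP messages are HTTP-formatted text carried over UDP port 1900. This is an added example, not part of the original slides: it assumes the datagrams have already been exported from the capture as (source IP, payload) pairs, uses constructed sample data, and the function names `parse_ssdp` and `hit_list` are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (source IP, UDP payload) pairs standing in for datagrams
# from a "udp port 1900" capture. Addresses and device names are made up.
ALIVE = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
         b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\nSERVER: %s\r\n\r\n")
SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b'MAN: "ssdp:discover"\r\nMX: 3\r\nST: ssdp:all\r\n\r\n')
SAMPLE = [
    ("192.168.1.20", ALIVE % b"ExampleOS/1.0 UPnP/1.0 ExamplePrinter/2.3"),
    ("192.168.1.35", SEARCH),
    ("192.168.1.20", ALIVE % b"ExampleOS/1.0 UPnP/1.0 ExamplePrinter/2.3"),
    ("192.168.1.50", ALIVE % b"ExampleOS/2.0 UPnP/1.0 ExampleCam/1.1"),
    ("192.168.1.77", b"\xff\x00 not ssdp"),
]

def parse_ssdp(payload):
    """Return (method, headers) for an SSDP message, or None if it is not one."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    start = lines[0].split(" ")
    if len(start) < 3:
        return None
    if start[2].startswith("HTTP/"):      # request: NOTIFY or M-SEARCH
        method = start[0].upper()
    elif start[0].startswith("HTTP/"):    # unicast reply to an M-SEARCH
        method = "RESPONSE"
    else:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return method, headers

def hit_list(datagrams):
    """Group SSDP senders by source IP, busiest first."""
    hosts = defaultdict(lambda: {"packets": 0, "methods": set(), "server": None})
    for src, payload in datagrams:
        parsed = parse_ssdp(payload)
        if parsed is None:
            continue                      # other traffic that hit port 1900
        entry = hosts[src]
        entry["packets"] += 1
        entry["methods"].add(parsed[0])
        entry["server"] = parsed[1].get("SERVER", entry["server"])
    return sorted(hosts.items(), key=lambda kv: -kv[1]["packets"])

for ip, info in hit_list(SAMPLE):
    print(ip, info["packets"], sorted(info["methods"]), info["server"])
```

The SERVER header, where a device sends one, tells you what kind of device sits behind each address, which the Endpoints view alone does not show.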

UPnP Device Cleanup

Most devices I have come across have a UPnP/SSDP configuration screen.

PC Cleanup

With Windows XP, simply uncheck the UPnP User Interface under Add/Remove Windows Components->Networking Services.

In most cases, you can uncheck Internet Gateway Device Discovery…. as well.

Or directly from the Services screen, or scripts, or Policies, you get the idea.

For additional educational videos on Open Source Network Tools, please click on the following …

http://www.lovemytool.com/blog/ostu.html

LoveMyTool.com – Community for Network Tools