PC sending UDP requests to wireless printer.

wd40 Member Posts: 1,017 ■■■■□□□□□□
Hi All,

I noticed through my Comodo firewall that my PC is sending UDP packets to my wireless printer using thousands of different ports; all the requests are sent to port 161 on the printer.

It starts from around port 49,000 to 65,000, then it repeats.

This issue has been bugging me for a few months now, and I hope that I will get a solution to stop the PC from sending these packets.

Comments

  • exampasser Member Posts: 718 ■■■□□□□□□□
    I would do a malware scan on that PC if you have not done so already.
  • wd40 Member Posts: 1,017 ■■■■□□□□□□
    The PC is clean. All the packets are sent to the printer only; if I switch it off or connect it through Ethernet, this will stop.

    All packets are the same: ~94 bytes sent and ~105 bytes received.
  • wastedtime Member Posts: 586 ■■■■□□□□□□
    It is very likely it is SNMP software that comes with some printers. I know my Lexmark printer has something like that if you want to use it.
  • Forsaken_GA Member Posts: 4,024
    His computer is probably just employing it as a method of autodiscovery/zeroconf/bonjour/whatever you want to call it.
  • MentholMoose Member Posts: 1,525 ■■■■■■■■□□
    wastedtime wrote: »
    It is very likely it is SNMP software that comes with some printers. I know my Lexmark printer has something like that if you want to use it.
    Agreed, udp/161 is designated for SNMP. You can take a packet capture with Wireshark or MS Network Monitor to confirm.
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
  • wd40 Member Posts: 1,017 ■■■■□□□□□□
    I did a Wireshark capture; they are SNMP get-request and SNMP get-response messages.

    I closed all HP processes, applications and services, but that did not fix the problem.

    Still svchost.exe continues to send the packets.

    I just downloaded portmon, but it does not work on my machine, I will check again when I come back from work.

    Thanks guys.
  • MentholMoose Member Posts: 1,525 ■■■■■■■■□□
    Check the list of services for something related to your printer. If you don't find anything, install MS Network Monitor... one nice advantage it has over Wireshark on Windows is that it has visibility into processes, so you can see which process is responsible for the traffic. Also, the capture files it creates are compatible with Wireshark, so you can still do analysis with Wireshark if necessary.
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
  • wd40 Member Posts: 1,017 ■■■■□□□□□□
    I tried MS Network Monitor, but I still have nothing useful. Thanks all, any more ideas?
  • tiersten Member Posts: 4,505
    wd40 wrote: »
    I closed all HP processes, applications and services, but that did not fix the problem.

    Still svchost.exe continues to send the packets.
    Start Task Manager. Find the exact svchost process that is doing this. Right click it. Select Go to service(s) and you'll find what services are hosted by that particular instance of svchost. You'll have to do a process of elimination to further narrow it down but it should mostly be obvious by the names by this point.

    Why do you want to stop this anyway?
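
The Task Manager steps above can also be scripted. The following PowerShell script is an added example, not part of the original thread: it samples the UDP sockets opened in the dynamic port range, ranks processes by how many they opened, and lists the services hosted in each process. It assumes Windows 8 / Server 2012 or later (for `Get-NetUDPEndpoint`); the 30-second sampling window and the variable names are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Get-NetUDPEndpoint requires Windows 8 / Server 2012 or later.

$SampleSeconds    = 30      # assumption: long enough to catch several polls
$DynamicPortStart = 49152   # start of the default Windows dynamic port range

# Sockets used for SNMP polling are short-lived, so sample repeatedly and
# remember every (PID, local port) pair that was seen.
$seen = @{}
foreach ($i in 1..$SampleSeconds) {
    foreach ($ep in Get-NetUDPEndpoint) {
        if ($ep.LocalPort -ge $DynamicPortStart) {
            $seen["$($ep.OwningProcess):$($ep.LocalPort)"] = $ep.OwningProcess
        }
    }
    Start-Sleep -Seconds 1
}

# Rank processes by the number of distinct dynamic UDP ports they opened,
# then list the services hosted in each one (the "Go to service(s)" step).
$groups = $seen.Values | Group-Object | Sort-Object Count -Descending
$report = foreach ($group in $groups) {
    $procId = [int]$group.Name
    if ($procId -eq 0) { continue }   # PID 0 would match every stopped service
    $proc     = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId"
    [pscustomobject]@{
        PID      = $procId
        Process  = $proc.ProcessName
        UdpPorts = $group.Count
        Services = ($services |
            ForEach-Object { "$($_.Name) [$($_.DisplayName)]" }) -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap
```

UDP sockets carry no connection state, so this output shows local ports only; match the top process's ports against the source ports in the firewall log or packet capture to confirm it is the one talking to port 161.
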
  • wd40 Member Posts: 1,017 ■■■■□□□□□□
    tiersten wrote: »
    Start Task Manager. Find the exact svchost process that is doing this. Right click it. Select Go to service(s) and you'll find what services are hosted by that particular instance of svchost. You'll have to do a process of elimination to further narrow it down but it should mostly be obvious by the names by this point.

    Why do you want to stop this anyway?
    Great idea, thanks.

    I found the service; it is "pml driver hpz12 service". I missed it because it does not start with hp like the others.

    I want to stop it for several reasons.
    - I have a download cap of 11 GB per month, and my network monitor gadget has a download meter; these few bytes accumulate to a large number over 24 hours, which makes the download reading not accurate.

    - When I look into my firewall I see at least 250 active outbound connections; this makes looking for anything a bit annoying.

    Now, I will just stop the service; when I need to print or scan anything I will restart the service :).
  • motogpman Member Posts: 412
    This is why I HATE HP bundled software now. They used to be the best on hardware and software, but now they have added so much "Customer Participation" software in a default installation, and it will bog a user's system down. I wish they would stop doing that crap!
    -WIP- (70-294 and 297)

    Once MCSE 2k3 completed:

    WGU: BS in IT, Design/Management

    Finish MCITP:EA, CCNA, PMP by end of 2012

    After that, take a much needed vacation!!!!!
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    HP isn't the only one.

    The first thing I did when I got my last laptop was pull the HDD and start over.
    Decide what to be and go be it.
  • wd40 Member Posts: 1,017 ■■■■□□□□□□
    I forgot about this thread.

    I went for the KISS approach: just switch off the printer when it is not needed. Problem solved.