PC sending udp requests to wirless printer.

Hi All,

I noticed thru my comodo firewall that my PC is sending udp packets to my wireless printer using thousands of different ports, all the requests are sent to port 161 on the printer.

it starts from around port 49,000 to 65,000 then it repeats

This issue have been bugging me for few months now and I hope that I will get a solution to stop the PC from sending these packets.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

exampasser

I would do a malware scan on that pc if you have not done so already.

wd40

The PC is clean, all the packets are sent to the printer only, if I switch it off or connect it thru Ethernet this will stop.

all packets are the same ~94 Bytes sent and ~105 Bytes received.

wastedtime

It is very likely it is SNMP software that comes with some printers. I know my Lexmark printer has something like that if you want to use it.

Forsaken_GA

his computer is probably just employing it as a method of autodiscovery/zeroconf/bonjour/whatever you want to call it

MentholMoose

wastedtime wrote: »

It is very likely it is SNMP software that comes with some printers. I know my Lexmark printer has something like that if you want to use it.

Agreed, udp/161 is designated for SNMP. You can take a packet capture with Wireshark or MS Network Monitor to confirm.

wd40

I did a wireshark capture, they are SNMP get-request and SNMP get-response messages.

I closed all hp processes, applications and services, but that did not fix the problem.

Still svchost.exe continues to send the packets.

I just downloaded portmon, but it does not work on my machine, I will check again when I come back from work.

Thanks guys.

MentholMoose

Check the list of services for something related to your printer. If you don't find anything, install MS Network Monitor... one nice advantage it has over Wireshark on Windows is that it has visibility into processes, so you can see which process is responsible the traffic. Also the capture files it creates are compatible with Wireshark, so you can still do analysis with Wireshark if necessary.

wd40

I tried MS Network Monitor, still I have nothing useful. Thanks all, any more Ideas?

tiersten

wd40 wrote: »

I closed all hp processes, applications and services, but that did not fix the problem.

Still svchost.exe continues to send the packets.

Start Task Manager. Find the exact svchost process that is doing this. Right click it. Select Go to service(s) and you'll find what services are hosted by that particular instance of svchost. You'll have to do a process of elimination to further narrow it down but it should mostly be obvious by the names by this point.

Why do you want to stop this anyway?

wd40

tiersten wrote: »

Start Task Manager. Find the exact svchost process that is doing this. Right click it. Select Go to service(s) and you'll find what services are hosted by that particular instance of svchost. You'll have to do a process of elimination to further narrow it down but it should mostly be obvious by the names by this point.

Why do you want to stop this anyway?

Great Idea, Thanks

.

I found the service, it is "pml driver hpz12 service", I missed it because it does not start with hp like the others

.

I want to stop it for several reasons.
-I have a download cap of 11 GB per month, my network monitor gadget has a download meter, these few bytes accumulate to a large number over 24 hours which makes the download reading not accurate.

-when I look into my firewall I see at least 250 active outbound connections, this makes looking for anything a bit annoying.

now, I will just stop the service, when I need to print or scan anything I will restart the service

motogpman

This is why I HATE HP bundled software now. They used to be the best on hardware and softare, but now they have added so much "Customer Participation" softwares in a default installation and it will bog a users system down. I wish they would stop doing that crap!

Devilsbane

HP isn't the only one.

The first thing I did when I got my last laptop was pull the HDD and start over.

wd40

I forgot about this thread

I went for the KISS approach, just switch off the printer when it is not needed, problem solved