Tuesday 5 February 2013

How to change the IGMP version (IGMP v1/v2/v3) on a Windows XP PC?

By default, when a Windows XP host joins an IGMP group it uses IGMP v3. To change this behavior and have the PC generate IGMP v1 or v2 messages, change the registry settings as follows:


1) Start -> Run -> regedit

2) Go to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Tcpip -> Parameters

3) Right click -> New -> DWORD Value -> rename the field to "IGMPVersion"

Set the value according to the table below and reboot the PC.

Value "2" -> IGMP Version 1

Value "3" -> IGMP Version 2

Value "4" -> IGMP Version 3 (default)


              

Why does Windows XP send messages to destination IP address 239.255.255.250?

We can see a few packets destined for the 239.255.255.250 IP address in Wireshark. They are:

1) SSDP messages

2) IGMP messages destined for 239.255.255.250

The SSDP protocol is used to discover UPnP (Universal Plug and Play) devices on the network. You can observe these messages when you enable or disable the network interface.




What is the Wireshark filter for the SSDP protocol?

There is no separate Wireshark filter for the SSDP protocol. We have to use either of the following two:


1) (udp.dstport==1900)

2) http




Monday 4 February 2013

How to disable SSDP (Simple Service Discovery Protocol) in Microsoft Windows XP?

If you are running captures and seeing a lot of SSDP messages, you have two options: either disable SSDP completely, or filter the messages out in Wireshark with one of these filters:

  • !(udp.dstport==1900)
  • !((udp contains "HTTP/1.1") and ((udp contains 0a:53:54:3a) or (udp contains 0a:4e:54:3a)))
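The two filters do not select the same packets, which matters when deciding what a capture still shows. The Python sketch below is an added example, not code from the original post: it mimics the port filter and a payload check in the spirit of the second filter (HTTP/1.1 text plus an `ST:` or `NT:` header line) on constructed datagrams. The function names, sample payloads and port 50000 are assumptions made for the illustration.

```python
SSDP_PORT = 1900

def matches_port_filter(dst_port: int) -> bool:
    """Equivalent of the display filter udp.dstport==1900."""
    return dst_port == SSDP_PORT

def matches_payload_filter(payload: bytes) -> bool:
    """HTTP/1.1 text plus a header line starting with ST: (search) or NT: (notify)."""
    return b"HTTP/1.1" in payload and (b"\nST:" in payload or b"\nNT:" in payload)

def ssdp_kind(payload: bytes) -> str:
    """Classify a datagram by its HTTP-style start line."""
    start = payload.split(b"\r\n", 1)[0]
    if start.startswith(b"M-SEARCH "):
        return "search"
    if start.startswith(b"NOTIFY "):
        return "notify"
    if start.startswith(b"HTTP/1.1 "):
        return "response"
    return "other"

# Constructed sample datagrams: (label, UDP destination port, payload).
SAMPLES = [
    ("M-SEARCH to multicast", 1900,
     b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
     b"MAN: \"ssdp:discover\"\r\nMX: 3\r\nST: upnp:rootdevice\r\n\r\n"),
    ("NOTIFY to multicast", 1900,
     b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
     b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n\r\n"),
    # A search response is unicast back to the searcher's source port,
    # so its destination port is not 1900 (50000 is a made-up value).
    ("unicast search response", 50000,
     b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
     b"ST: upnp:rootdevice\r\n\r\n"),
    ("unrelated UDP datagram", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00"),
]

def report(samples):
    """Return (label, kind, port filter hit, payload filter hit) per sample."""
    return [(label, ssdp_kind(p), matches_port_filter(port), matches_payload_filter(p))
            for label, port, p in samples]

if __name__ == "__main__":
    for row in report(SAMPLES):
        print(row)
```

The unicast search response is matched only by the payload check, so a capture filtered with `!(udp.dstport==1900)` alone still shows those replies.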

How to disable SSDP in Windows XP

The two services you need to disable are:

  • Universal Plug and Play Device Host
  • SSDP Discovery Service

Disable the UPnP Device Host first by double-clicking on the service and selecting "Disabled" in the drop-down menu. Next, go on to the SSDP Discovery Service, double-click and select to stop the service, then disable it in the same manner.