Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: PLease help, going crazy! IP 239.255.255.250 over and over

26 Nov 2011   #11
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

A little more info, but the thing to remember and pay attention to is that this is a local network protocol querying and accepting internal responces (that was its intended purpose anyway)



Quote:
Technical description for port 1900:


The Microsoft SSDP service is officially registered with IANA as the protocol running on the network port 1900. This service is essentially associated with the automatic enabling of the discovery feature related with plug and play devices. This computer port is used to transmit data to identify the connection of UPnP capable devices to the system or network.
The SSDP (Simple Service Discovery Protocol) identified with the system port 1900 is basically an expired Internet draft undertaken by Hewlett-Packard and Microsoft Corporation. This discovery protocol provides for the mechanism that allows network clients to discover various available network services. The SSDP can be deployed with very little or no static configuration at all.
The SSDP service uses the port 1900 for the delivery of UDP multicast and unicast packets for the advertisement of its services.
The multicast address utilized by this protocol is supported by both the IPv4 and IPv6 technologies.

Services or applications using this port:
SSDP for UPnP (Universal Plug & Play) , Windows Alerter
Quote:
Technical description for port 3702:

The prevailing protocol that is identified with the communication port 3702 is the WS-Discovery (Web Services Dynamic Discovery) which by default is utilized by an assortment of Microsoft Windows Vista Operating System components. This protocol represents a technical specification used in defining multicast discovery related protocols for locating services residing on local networks.
The protocol associated with the system port 3702 was developed through the collaboration of WebMethods, Microsoft, Intel, Canon and BEA Systems. This service allows the execution of actual communication among nodes which is accomplished via standard Web services. The most notable implementation of this protocol is in relation with Simple Object Access Protocol (SOAP).
The network 3702 protocol is based on the WCF multicast protocol to allow runtime discovery of computer services in the context of ad hoc computer networks.
This service provides the ability to discover addresses related to Web services on runtime. This protocol supports libraries on both the server and the client side.

Services or applications using this port:
Web Service Discovery (UPnP v2 Discovery)
Feel any safer?

Let me know what you think!

Sincerely,
Mike



BTW there are three posts to read (the first is re the svcs) a quickie, then a discription of your situation, and finally some reference material to back me up (located after the fact)


My System SpecsSystem Spec
.
26 Nov 2011   #12
frank1212

Windows 7 64 bit
 
 

Quote   Quote: Originally Posted by rubyrubyroo View Post
the ports you mentioned are UDP UPNP ports - which means there's some process(es) on your system which are most likely not malicious, although I cant know for sure. But they are transmitting a message query intended for local network devices upnp's (such as a server, a printer, fax, etc) using the ip's you mentioned such as 239.255.255.250 and so on, so your computer detects this process trying to tx and stops it before it has a chance to get to your network, where you probably either no longer have the upnp's it's trying to reach, or it is just an artifact of unknown numerical origin! as for the SOC...1st off if you are as paranoid as you sound (to my trained ears/eyes) you sound like there might be a reason to be worried, no need to share, but it would tend to place more significance on the name. I suspect the IP that was intended to be used for entirely different purposes (like i said..local network com.) so the address would have a normal connection in the "Internet world" so it's probably in your DNS cache which you should flush, your hosts file which should be checked and kept up to date by your choice of methods (you sound like you can handle it, but I can get you some links to software and help you create a executable batch file that will automate much of the process. But I would stop, disable those two services and block the two ports as they are not necessary. No one is trying to find you or anything, for one because it would be such a crude and 95% failure rate prone, they would use a much more sophisticated method to hunt their prey. If the hosts and flushing do not stop the name, then the ip may simply belong to the SOC just like the other on I mentioned was a "sterile" or non transmitting/non receiving ip from IANA.

Sincerely,
Mike


Thank you. Out of all the people Ive been asking, this is by far the most informative response Ive gotten. But if you wouldnt mind helping me, Id be very greatful, as Im not as comp savvy as you are. I think I may have already disabled upnp, and ssdp.

So:
How do I close those ports 1900 and 3702? Also, if I close them, will it mess up my internet connection?

How do I flush my DNS Cache?

Also, a few weeks ago we had a major power outage in our area for 10 days. When the internet came back, I was assigned a new IP. It wasnt until a week or two after that did I see the SOC show up. Could that have anything to do with it? Ive been checking my PB everyday for the past year and have never seen it before. Why would I see this now? Can authorities use multicasting to snoop on you?

Thanks again. Looking forward to your reply.
My System SpecsSystem Spec
26 Nov 2011   #13
frank1212

Windows 7 64 bit
 
 

Quote   Quote: Originally Posted by rubyrubyroo View Post
A little more info, but the thing to remember and pay attention to is that this is a local network protocol querying and accepting internal responces (that was its intended purpose anyway)



Quote:
Technical description for port 1900:


The Microsoft SSDP service is officially registered with IANA as the protocol running on the network port 1900. This service is essentially associated with the automatic enabling of the discovery feature related with plug and play devices. This computer port is used to transmit data to identify the connection of UPnP capable devices to the system or network.
The SSDP (Simple Service Discovery Protocol) identified with the system port 1900 is basically an expired Internet draft undertaken by Hewlett-Packard and Microsoft Corporation. This discovery protocol provides for the mechanism that allows network clients to discover various available network services. The SSDP can be deployed with very little or no static configuration at all.
The SSDP service uses the port 1900 for the delivery of UDP multicast and unicast packets for the advertisement of its services.
The multicast address utilized by this protocol is supported by both the IPv4 and IPv6 technologies.

Services or applications using this port:
SSDP for UPnP (Universal Plug & Play) , Windows Alerter
Quote:
Technical description for port 3702:

The prevailing protocol that is identified with the communication port 3702 is the WS-Discovery (Web Services Dynamic Discovery) which by default is utilized by an assortment of Microsoft Windows Vista Operating System components. This protocol represents a technical specification used in defining multicast discovery related protocols for locating services residing on local networks.
The protocol associated with the system port 3702 was developed through the collaboration of WebMethods, Microsoft, Intel, Canon and BEA Systems. This service allows the execution of actual communication among nodes which is accomplished via standard Web services. The most notable implementation of this protocol is in relation with Simple Object Access Protocol (SOAP).
The network 3702 protocol is based on the WCF multicast protocol to allow runtime discovery of computer services in the context of ad hoc computer networks.
This service provides the ability to discover addresses related to Web services on runtime. This protocol supports libraries on both the server and the client side.

Services or applications using this port:
Web Service Discovery (UPnP v2 Discovery)
Feel any safer?

Let me know what you think!

Sincerely,
Mike



BTW there are three posts to read (the first is re the svcs) a quickie, then a discription of your situation, and finally some reference material to back me up (located after the fact)
Kind of...lol
Feel free to make fun of me, but I suffer from bad anxiety, so yes...I am paranoid...and usually its for nothing.
My System SpecsSystem Spec
.

26 Nov 2011   #14
frank1212

Windows 7 64 bit
 
 

Quote   Quote: Originally Posted by rubyrubyroo View Post
If the hosts and flushing do not stop the name, then the ip may simply belong to the SOC just like the other on I mentioned was a "sterile" or non transmitting/non receiving ip from IANA.

Sincerely,
Mike
I forgot to ask, when you say the IP may belong to SOC, Im not sure what you mean? We're talking about my own IP, yes?

I also included a screen shot. The oddest thing is that the last line appears to be my comp talking to my comp labled as SOC??
Screen shot: http://i.imgur.com/so415.png

Also, when you say "No one is trying to find you or anything, for one because it would be such a crude and 95% failure rate prone, they would use a much more sophisticated method to hunt their prey." that would include me sending info to them correct? In other words, could they be using 239.255.255.250 to send info to them? If so, would they really name it SOC? lol

IN your honest opinion, based on the info I gave you (i can provide whatever else you need) Do you think Im being tracked? I suffer from bad anxiety (diagnosed) and Ive been worried sick about this ever since Ive seen it. Ill explain if you want....

My System SpecsSystem Spec
27 Nov 2011   #15
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

Frank,

Ive been up for 48+hours so I appologize, for any incoherant communication, etc. I just fell out for a good hour or so and am awake again So bear w/me a little bit, please!

A you have a lot of very good questions and observations! And I mentioned before I could palpate the subtle anxiety in most of your post(s), and I try to choose my words carefully, as not to alarm you without proper cause. I'll try my best to answer your questions.

first maybe as I am typing slower than normal, maybe you could enlighten me on why you are worried, as you offered. If you prefer to be less public with any info, your welcome to PM me instead of posting live. either way it's fine if our messages cross out of order. okay?

Mike
My System SpecsSystem Spec
27 Nov 2011   #16
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

oh, one last thing what exactly do you have in your home peer network how many computers, any printers and how do they connect to the network, as well as anthing else, and i assume your using a common brand router withpretty much standard defalut settings...

this might help a bit
My System SpecsSystem Spec
27 Nov 2011   #17
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

actually the last entry in the log you posted is being sent by your computer by use of the reserved broadcast address 192.168.1.255 , which is always the last address available in a subnet. (assuming the subnet mask is 255.255.255.0). This can be used to speak to other devices looking for a particular "receiver" on the home network to respond to its request. but I'd rather not drag this out with assumptions, so Ill wait for a response from you before answering your Questions, as they could help me possibly see an obvious answer.

As i believe you have already disabled netBIOS on your computer, I will be back when you get a chance to reply with info. I won't forget to answer your previous questions though.

Sincerely
Mike
My System SpecsSystem Spec
27 Nov 2011   #18
frank1212

Windows 7 64 bit
 
 

Quote   Quote: Originally Posted by rubyrubyroo View Post
Frank,

Ive been up for 48+hours so I appologize, for any incoherant communication, etc. I just fell out for a good hour or so and am awake again So bear w/me a little bit, please!

A you have a lot of very good questions and observations! And I mentioned before I could palpate the subtle anxiety in most of your post(s), and I try to choose my words carefully, as not to alarm you without proper cause. I'll try my best to answer your questions.

first maybe as I am typing slower than normal, maybe you could enlighten me on why you are worried, as you offered. If you prefer to be less public with any info, your welcome to PM me instead of posting live. either way it's fine if our messages cross out of order. okay?

Mike
Well in a nutshell, I had a roommate living with me for a little over a year. Someone who I though was a "friend" until he stopped paying rent and I found him with drugs in my home. Anyway, he was a very shady person, and he would spend countless hours online doing what I dont know. But I do know the internet has always been in my name, so needless to say, it worries me. I know for a fact he would use torrents for movies and such, but as far as I know, it all occured on his personal computer. But I dont know since he would be here when I wasnt and could access my comp all though I never saw any evidence of it.
My System SpecsSystem Spec
27 Nov 2011   #19
frank1212

Windows 7 64 bit
 
 

Quote   Quote: Originally Posted by rubyrubyroo View Post
oh, one last thing what exactly do you have in your home peer network how many computers, any printers and how do they connect to the network, as well as anthing else, and i assume your using a common brand router withpretty much standard defalut settings...

this might help a bit
My cable, phone, and internet all run through the same modem. But I have two computers that connect wirelessly to the router and an ipod touch which has wireless internet access. Im using s Linksys WRT54GL router. Im pretty sure the settings are default, but I did disable UPnP.
My System SpecsSystem Spec
27 Nov 2011   #20
frank1212

Windows 7 64 bit
 
 

Quote   Quote: Originally Posted by rubyrubyroo View Post
actually the last entry in the log you posted is being sent by your computer by use of the reserved broadcast address 192.168.1.255 , which is always the last address available in a subnet. (assuming the subnet mask is 255.255.255.0). This can be used to speak to other devices looking for a particular "receiver" on the home network to respond to its request. but I'd rather not drag this out with assumptions, so Ill wait for a response from you before answering your Questions, as they could help me possibly see an obvious answer.

As i believe you have already disabled netBIOS on your computer, I will be back when you get a chance to reply with info. I won't forget to answer your previous questions though.

Sincerely
Mike
My subnet mask does say 255.255.255.0 on my router. But what do you mean by "reverse broadcast"?! Im pretty sure I have disbaled netBIOS, but can you reiterate so I can be positive?

For the life of me, I cant figure out why it says SOC. Thats whats truly bothering me. Should I be?

PLease help me get some sleep
My System SpecsSystem Spec
Reply

 PLease help, going crazy! IP 239.255.255.250 over and over




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Fan runs crazy, track-pad crazy, browser hangs, slow & unresponsive
Hi All, I hope someone here can help me as I can't go on with this crazy machine any longer... My machine is a 2012 Sony Vaio, I've just updated my system specs. What happens is the following: The fan runs for no apparent reason. It just takes off, loud and blowing out hot air even though the...
General Discussion
I get crazy!
Why is IE (regardless of version) changing the . to _ when I download a file (e.g. xxx.exe to xxx_exe or xxx.pdf to xxx_pdf)? The only thing I can do is to restart the Pc. On my laptop I use Windows 7 32 bit and on my desktop I use Windows 7 64 bit. Same error. On my work, I have asked our IT...
Browsers & Mail
New Tab gone crazy
I hope this is an easy question to answer. When I go File --> New Tab in IE9, instead of opening a new tab in my home page, it open to "about:Tabs". IS there anyway to force it open at my home page???
Browsers & Mail
Going Crazy
I have not made any changes to this machine and use McAfee Security Center which detects no virus problems so I do not understand what is going on. This week I am suddenly receiving the following error message when trying to open some e-mail:
Browsers & Mail
thats just crazy
Whats the craziest thing you've ever convinced your friends about computers. I once convinced my friend he needed a carbureator for his computer, so he could get NOS and overclock it. Google proved me wrong though.
Chillout Room


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:02.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App