Question

How can I capture all UPnP traffic with tcpdump? I’d like to use a “white list” and collect only UPnP traffic, nothing else.

So I have started and written this filter:

tcpdump -i eth0 -nevvv -s 0 '(udp port 1900) or (tcp port 2869)'

I used the following info from Wikipedia:

  • UPnP uses UDP port 1900 and TCP port 2869.

How to elaborate the filter further?


Solution

It's not quite as simple as that. SSDP (the discovery protocol) uses port 1900 (and apparently in some cases 2869) but the actual UPnP service can be on whatever port: SSDP is just a way to discover that port and other details about the service.

See the UPnP Device Architecture spec (PDF) for more details.
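
Added example (not part of the original answer): one way to act on this is to read the LOCATION header from SSDP messages seen on UDP 1900 and extend the whitelist filter with each advertised host and port. The payloads below are constructed samples, the function names are hypothetical, and it assumes each device serves its description, control and eventing URLs on the LOCATION host and port.

```python
import re
from urllib.parse import urlsplit

# Constructed SSDP payloads (as carried on UDP 1900); not from a real capture.
SAMPLE_SSDP = [
    "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
    "LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    "ST: upnp:rootdevice\r\n\r\n",
    "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    "Location: http://192.168.1.20/desc.xml\r\n"
    "NTS: ssdp:alive\r\n\r\n",
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\nST: ssdp:all\r\n\r\n',  # search request, no LOCATION
    "NOTIFY * HTTP/1.1\r\nLOCATION: http://192.168.1.1:49152/other.xml\r\n\r\n",
]

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def location_endpoint(payload):
    """Return (host, port) from an SSDP LOCATION header, or None."""
    for line in payload.split("\r\n")[1:]:      # skip the start line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "location":
            continue
        try:
            url = urlsplit(value.strip())
            port = url.port or 80               # HTTP default when no port is given
        except ValueError:                      # malformed URL or port out of range
            return None
        # The header is untrusted network input that ends up in a filter string,
        # so accept only http URLs whose host is a literal IPv4 address.
        if url.scheme == "http" and url.hostname and IPV4.fullmatch(url.hostname):
            return url.hostname, port
        return None
    return None

def build_filter(payloads):
    """Build a tcpdump filter: SSDP itself plus every advertised endpoint."""
    endpoints = sorted({e for e in map(location_endpoint, payloads) if e})
    parts = ["(udp port 1900)"]
    parts += [f"(tcp and host {h} and port {p})" for h, p in endpoints]
    return " or ".join(parts)

if __name__ == "__main__":
    print(f"tcpdump -i eth0 -n -s 0 '{build_filter(SAMPLE_SSDP)}'")
```

Event notifications are sent to a callback URL chosen by the control point, so capturing those needs that endpoint added as well.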

Licensed under: CC-BY-SA with attribution