
Huge traffic for WeMo devices

The WeMo device on my network was generating a lot of traffic and I wanted to know why. Others have asked the same question.

This is our WeMo. We'll need the MAC address so we can capture traffic to/from this device. My equipment is all UniFi: the router is an EdgeRouter X and the access point is an AC Lite.

SSH to the UniFi access point and run tcpdump filtered on the MAC address of the WeMo device.

tcpdump -w /tmp/wemo.pcap ether host 24:f5:a2:f4:b0:8f

Address 192.168.1.1 is my router.

It's performing a UPnP enumeration. Given that no device has opened a UPnP rule, we will disable the service.

$ show upnp2 rules
Firewall pin holes
 pkts bytes target     prot opt in     out     source               destination

NAT port forwards
 pkts bytes target     prot opt in     out     source               destination
 pkts bytes target     prot opt in     out     source               destination

$ configure
# disable service upnp2
# commit
# save

Other devices on my network, such as a printer, are also running a UPnP listener. The IP ending in 101 is the printer. The WeMo is constantly asking this device for its endpoints via an HTTP request that returns XML (yet more traffic).

Go into the printer's web administrative interface and disable the UPnP protocol; we don't want a UPnP service in the printer anyway.

This reduced the amount of Wi-Fi traffic the WeMo is generating, as there are no devices that will communicate UPnP with it.
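To see who the WeMo talks to without opening the capture in a GUI, and to confirm the drop after disabling UPnP, the pcap written by the tcpdump command above can be totalled per peer. This is an added example, not part of the original post: the function names, the WeMo IP 192.168.1.50, the second MAC and the TCP port 49152 are constructed sample values, and only classic microsecond pcap files with untagged Ethernet/IPv4 frames are handled.

```python
import socket
import struct
from collections import Counter

SSDP_PORT = 1900  # UPnP discovery (SSDP) uses UDP port 1900
PROTO = {6: "tcp", 17: "udp"}

def summarize(pcap: bytes, device_mac: str) -> Counter:
    """Return wire bytes per (peer IP, protocol, peer port) for one device MAC."""
    mac = bytes.fromhex(device_mac.replace(":", ""))
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    totals, off = Counter(), 24  # 24-byte global header, then packet records
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(endian + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, VLAN-tagged or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of the TCP/UDP header
        proto = PROTO.get(frame[23])
        if proto is None or len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        out = frame[6:12] == mac  # True when the device is the sender
        if not out and frame[0:6] != mac:
            continue  # frame does not involve the device
        peer = frame[30:34] if out else frame[26:30]
        totals[(socket.inet_ntoa(peer), proto, dport if out else sport)] += orig
    return totals

def ssdp_bytes(totals: Counter) -> int:
    """Bytes exchanged on the SSDP port, i.e. UPnP discovery traffic."""
    return sum(n for (_, p, port), n in totals.items() if p == "udp" and port == SSDP_PORT)

def sample_pcap() -> bytes:
    """Constructed capture: one SSDP search and one TCP segment to the router."""
    wemo, other = bytes.fromhex("24f5a2f4b08f"), bytes.fromhex("020000000001")
    def rec(dst, dst_ip, proto, dport, size):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, proto, 0,
                         socket.inet_aton("192.168.1.50"), socket.inet_aton(dst_ip))
        frame = dst + wemo + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport)
        return struct.pack("<IIII", 0, 0, size, size) + frame.ljust(size, b"\0")
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + rec(bytes.fromhex("01005e7ffffa"), "239.255.255.250", 17, 1900, 150)
            + rec(other, "192.168.1.1", 6, 49152, 400))

if __name__ == "__main__":
    print(summarize(sample_pcap(), "24:f5:a2:f4:b0:8f").most_common())
```

For the real capture, copy /tmp/wemo.pcap off the access point and pass its bytes to summarize() in place of sample_pcap(); running it again on a fresh capture after the changes shows whether the UPnP share has gone down.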

  • Last modified: 2021/12/30 23:48
  • by brett