Answered

Probe Request Spam

  • 1 January 2017
  • 4 replies
  • 894 views
D
Is it normal for these Sonos devices to send tens of thousands of probe requests per day? It is kind of flooding out my network analysis. I can just filter this traffic out, but before I do I wanted to find out if this is normal behavior. Between my three devices, over the last 1-2 hours, I have captured 14,000 probe requests. Seems kind of crazy.

I have a Sonos Play:3, Playbar and Connect. They are all connected via wifi, none of them are plugged in. Examining my network traffic, I see that they are constantly spamming probe requests to Sonos_OPSFJSLDGNSODV (I made that name up but that's the basic idea). I guess that is a mesh network that the three devices use?
icon

Best answer by ratty 1 January 2017, 22:50

View original
This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

4 replies

D
Ok, that sounds like it might be what it is then. If I open the advanced settings in the app, the "Connect to SonosNet" setting says "Don't Allow Connection", but that seems to be a setting for the phone and not for the Sonos devices. I will just filter those packets out of my network analysis. Thanks for clearing that up.
ratty
100,000 per day is about one every second, which sounds a bit like the STP BPDU traffic in SonosNet mode and is in no way onerous.
D
It isn't IP traffic, but an 80211 Management Frame. It is broadcast to all MAC addresses (ff:ff:ff:ff:ff:ff). It is the same probe request other wireless devices send to see if a network is available they have associated with in the past. For example, my phone probes for `xfinitywifi` once in a while. The question is why these three devices do it so much. It is going to be over 100,000 times today.
ratty
That looks like an SSID for an Android to attach to SonosNet. However, in WiFi mode ('Standard Setup') the SonosNet mesh isn't active. There's no STP traffic either -- which accounts for a once-per-second exchange of data in SonosNet mode -- since STP is disabled.

What's the destination IP:port for all the traffic you're seeing?
Terms & ConditionsCookie settings