Flooding of broadcast ip with UDP 20002 calls

2021-07-16 05:27:07
Model: Archer MR600  
Hardware Version: V2
Firmware Version: 1.3.0 0.9.1

I have an MR600 router connected via a switch to a pfsense router.

Pfsense IP is: 10.0.1.2 and MR600 IP is: 10.0.1.1

My subnet is 255.255.255.248 (/29)

 

If I connect the router directly to the pfsense port all is fine.

 

But I want to have the router closer to the window so I need to use my LAN plug in the house so I have to use a network switch.

When I use the switch I start getting a flood of messages on the broadcast address (remember it's /29 hence my broadcast is 1.0.1.7) - I have tried with a /24 network and I get the same result.

This shows up in pfsense as utilising 10Mbits of constant traffic.

 

The port is UDP 20002:

 

 

I'm attaching the packet capture.

 

I don't know if this is an MR600 service that is causing all this traffic and can be quickly turned off.

 

Note that I had with the same config another 4G router (got the MR600 because it was 4G+) and didn't have any issues with my network setup.

 

Thanks!

File:
packetcapture.zip
Re:Flooding of broadcast ip with UDP 20002 calls
2021-07-16 09:40:40

@murdof 

Hi, I did not quite understand the packet capture log, so later I would like to forward your case to the senior engineers.

Before that, could you please help me check some information:

1. Since there are 2*Archer MR600 under your TP-Link, did both of them have the same issue?

2. What is the model number of the other 4G router which is working without any issue?

3. What is the model number of the network switch?

4. Archer MR600 is the DHCP server with IP 10.0.1.1/255.255.255.248, right?

Re:Flooding of broadcast ip with UDP 20002 calls
2021-07-16 12:49:37

@TP-Link 

1. The second MR600 is in a remote location as a standalone so I haven't checked that. It is not connected to another router as the one I'm referring to.

2. The other 4G was an Alcatel router, not a TP-Link

3. The MR600 router is connected to a Xiaomi AP AX1800 RA67

4. I don't have DHCP enabled - I'm using static IPs as the only devices I have on that subnet are MR600 and Pfsense router.

 

I see that UDP 20002 is related to onemesh: Zero Day Initiative — Exploiting the TP-Link Archer A7 at Pwn2Own Tokyo

 

I understand for v1 MR600 there is a beta firmware to disable it. I assume that I cannot flash this to my v2 MR600.

Can you please check if indeed onemesh is to blame here and if yes if disabling it will stop the broadcasts?

Is there a beta version for v2?

 

Thanks

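One way to confirm from a capture like the one attached to the first post which host is sourcing the UDP 20002 broadcasts and at what rate. This is an added example, not part of the original thread: it does not use the poster's capture, the sample capture is constructed in `build_sample_pcap`, and both function names are hypothetical. It assumes a classic little-endian pcap file with untagged Ethernet frames and the 10.0.1.1/255.255.255.248 addressing given in the thread.

```python
import ipaddress
import struct
from collections import defaultdict

def build_sample_pcap():
    """Constructed capture: 10.0.1.1 broadcasts to UDP 20002, plus one unrelated packet."""
    def frame(src, dst, dport, payload):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + udp
    pkts = [(i * 100_000, frame("10.0.1.1", "10.0.1.7", 20002, b"x" * 100)) for i in range(11)]
    pkts.append((500_000, frame("10.0.1.2", "10.0.1.1", 53, b"q" * 30)))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for us, data in pkts:
        out += struct.pack("<IIII", us // 1_000_000, us % 1_000_000, len(data), len(data)) + data
    return out

def broadcast_talkers(pcap, network, port=20002):
    """Map each source IP to (packets, bits/s) for UDP sent to `port` on a broadcast address."""
    net = ipaddress.ip_network(network, strict=False)
    targets = {net.broadcast_address.packed, b"\xff\xff\xff\xff"}
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian classic pcap with Ethernet frames")
    stats = defaultdict(lambda: [0, 0, None, None])  # packets, bytes, first_us, last_us
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, wirelen = struct.unpack_from("<IIII", pcap, off)
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
            continue  # not IPv4 carrying UDP (VLAN-tagged frames are skipped too)
        udp_off = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) < udp_off + 4 or pkt[30:34] not in targets:
            continue  # truncated, or not sent to the subnet/limited broadcast address
        if struct.unpack_from("!H", pkt, udp_off + 2)[0] != port:
            continue
        s = stats[str(ipaddress.ip_address(pkt[26:30]))]
        now = sec * 1_000_000 + usec
        s[0] += 1
        s[1] += wirelen
        s[2] = now if s[2] is None else min(s[2], now)
        s[3] = now if s[3] is None else max(s[3], now)
    return {src: (n, size * 8 * 1_000_000 / (last - first) if last > first else 0.0)
            for src, (n, size, first, last) in stats.items()}

if __name__ == "__main__":
    print(broadcast_talkers(build_sample_pcap(), "10.0.1.1/255.255.255.248"))
```

The netmask passed in decides which destination counts as the subnet broadcast, so it has to match the interface configuration the capture was taken on.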