• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
We have new content about printers, Click here to check it out!
Common problems for Connectivity Issues
We would like to share some of the most frequently asked questions about Printer Wi-Fi, Connectivity Issues and Offline Status. Check out this link: HP printer is offline or unavailable.
HP Recommended
HP OfficeJet Pro 8022e All-in-One Printer
Microsoft Windows 11

I noticed my HP printer is sending huge amounts of data over the LAN on Port 5357 - over 1TB in a 30day period

 

For one 8 day period it was 650GB sent and 237GB received, then for a 3 day period 190GB sent and 60Gb received, and lastly over a 9 day period 209GB sent and 9GB received.

Strangely only destined to IPV6 addresses on Windows machines on the LAN

(I didn't even think I was using IPV6)

 

Seems very odd to me;  is this expected behavior?

 

HP_Traffic_Flow_2.PNG

4 REPLIES 4
HP Recommended

I found your post after noticing the same thing (my PC was receiving lots of data with seemingly no cause).  I did a wireshark capture and saw that my printer was talking to my PC on TCP port 5357 repeatedly.  I also checked resource monitor and saw the printer was opening tons of connections as it was doing this.  Like yours, mine was also all IPv6 traffic.  I think this is a recent issue as I haven't seen this before, and I know my printer just got a firmware update recently... so hopefully it's something that can be fixed.  The data rate was about 20 Mb/s like your graphs show as well, but my printer model is M479fdn.  To solve it, I just logged into the printer configuration web portal and turned off IPv6, that seems to have stopped the flood of traffic for now.

Razidd_0-1660672543655.png

 

HP Recommended

Spoke too soon it appears, took a little bit but we're back to 20 Mbps again... crazy stuff, guess it just failed over to IPv4 after a bit but doing the same thing.  MF00-HP is my printer network name...

Razidd_0-1660672816129.png

 

HP Recommended

I re-enabled IPv6 and installed an HP printer app from the Microsoft store (HP Smart App) on the desktop that was getting the traffic sent to it, and it appears to have stopped for now.  I don't know if the printer was attempting to locate the app itself and it was timing out or what the cause, but so far it's been about 10 minutes and the traffic has stopped.  I noticed in your earlier graphs that the traffic dropped off before coming back, so I'll keep you updated if it starts sending again.  Maybe Windows printer discovery causes the issue somehow?  I can't really explain it otherwise since I never had the app installed before.

HP Recommended

In case it helps anyone else, the traffic reappeared after a reboot despite having the HP app installed.  This 5357 traffic is related to the WSD for Microsoft, so my final solution appears to be to block the traffic with the firewall built into the printer in my case.  I tried changing the port the printer was using from the default WSD to an IP one, but it would annoyingly reset itself back to WSD after a short period of time.  Disabling the Microsoft Web Services in the printer management page advanced network settings page didn't seem to prevent Windows from using WSD to still attempt communications that way.  Blocking this port at the firewall level on the printer itself appears to be the only sure way to keep it from communicating or attempting to do so, which is pretty annoying. 

 

For the firewall on the Printer, I just changed the default to allow traffic rather than deny (click the flag icon once), and then created a custom service template with all of the WSD stuff in it like so:

Razidd_0-1660695319803.png

Then I applied it to "all IP addresses" so that it would be above the default rule, then activated the firewall.  Seems to have cured the crazy traffic for good now.  You could also block this on the Microsoft firewall of the host, but you'd have to do it on every machine on the network which might be a pain.

Razidd_1-1660695477435.png

Hope it helps.

 

 

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.