How do I shut-off constant SNMP from MacBook ?

[Frobozz]

It seems that my MacBook Pro constantly queries the HP-J6480 printer with SNMP requests of the same kind. macBook gets the same reply and sends it out again at the rate of two per second, forever.

There is no Firewall blocking this.
I do not have SNMP turned on.
This is a simple home network, usually only my MacBook. The printer is on Ethernet to the Airport Extreme.

I would dearly love to quash the bloody SNMP output as it's quite nearly a DDOS against me!

 

[ElDiabloConCaca]

Could it possibly be the Bonjour protocol? Do you know if your printer is capable of Bonjour?

 

[Frobozz]

Could it possibly be the Bonjour protocol? Do you know if your printer is capable of Bonjour?

hmmmm ...when I initially scan for printers, Bonjour is one of the display of the HP-J6480 that appears, the other being the same printer but without the Bonjour in the next column.

how would I disable that then?

 

[ElDiabloConCaca]

I don't know... it should be in the printer manual somewhere (I would recommend turning it off on the printer, rather than turning it off in Mac OS X first).

 

[Frobozz]

Yuh, actually what I meant was that the Mac finds, eventually, the same printer, albeit twice. One listed as through Bonjour and the other as Network.

I deleted the printer listed in the Print & Fax preferences ... but there is still another listing somewhere because after a reboot Wireshark still shows all the running packets between 10.0.1.2 and 10.0.1.3 SNMP ...

Any idea where the plist is for printers? Maybe it contains an SNMP setting. I've not figured out bhow to enable searches thru .etc and so forth when using a Search in Finder or the Spotlight

 

[Frobozz]

It doesn't seem possible. I've tried removing the printer via the CUPS interface also. My Mac insists on sending 30 to 40 requests per second SNMP and gets that many back. per second, form the printer.

I'd written to HP support about this a week ago and they, being nice, told me it was a Mac problem.

Surely there is some guru who has come across this before ?? hopefully

 

[Satcomer]

Well I use a shareware program (it has a 7 day trial period) called Print Therapy (10.5.x) or Printer Setup Repair (for 10.4.x). Use the 7 day trial period to run the whole program fixes. This program saved my printing butt more than once.

 

[Frobozz]

that was a good little program. I D/L'd it and ran thru the whole thing, including the complete system/printer reset ... to no avail. While the program says it deleted all user printer files and setups, when I came out of the sys-restart, and ran Wireshark, I still see thousands of SNMP interactions between my Mac and that blasted HP on the Ethernet.

\However, thanks for the pointers to that printer fix-it program. Mind you, having run it, it tells me there is nothing wrong with my printer setup ... I claim there is ... unless someone else will run Wireshark, capture packets and verify that their networked printer is playing DDOS with their Mac.

Just gotta be some setting I have mal-configured. However, I kenno fee-g-yer eat-out.

 

[Satcomer]

Well i going to blow you mind. Get to the nitty gritty of the BSD under the hood part of OS X. Get into the CUPS printing in OS X by going to: http://127.0.0.1:631/ .

 

[Frobozz]

Well. ... I eventually deleted the printer; re-added it; and had no SNMP /// then after re-start this morning, I am back to several hundred a minute as seen in a jpeg screen shot here:
< http://img385.imageshack.us/my.php?image=picture1lf2.jpg >

this is extremely annoying. It's hard to believe this only affects my network.

 

[ElDiabloConCaca]

Does this "chatty" behavior somehow affect your network in an adverse way (extremely long ping times, firewall warnings, unresponsive network devices, slow internet access, etc.), or is it a case of seeing something and thinking it's amiss?

Also, from doing some research online, it seems that having many routers (or perhaps more than one router between your Mac and the printer) can cause SNMP to exhibit weird behavior (even though it's not supposed to). Is your network setup simple (one router, many devices), or is it more complex with routers connected to routers, with devices interspersed?

 

[Frobozz]

Thanks for making me think ... and ... actually I first noticed a slowdown in DirecTV downloads via Ethernet and their "On Demand" setup.

 

[ElDiabloConCaca]

Does the slowdown occur only with DirecTV downloads? If so, that may be a separate issue -- I would think that if the SNMP packets were causing a slowdown, it would affect the entire network, or at least the portion of the network (in the case of a multiple router setup) that the printer/Mac are connected to.

 

[Frobozz]

Does the slowdown occur only with DirecTV downloads? .....

Nah ... I'd been mentally complaining that my entire DSL "experience" had been bragging ... which seemed to coincide with a printer upgrade ... and it's just a simple home network ..my Mac usually the only device aside from the printer and the DirecTV interface.

I've run the standard Broadbbandreports DSL test ... they seem at , or near, what they were a year ago.

But that aside, is it normal for a mac to continually hit a printer with SNMP requests? Anyone else able to run Wireshark and watch the en1 line (since I am Airport to the Airport-Extreme)


So, irrespective of IF the SNMP's cause a problem, is it normal?

 

[Satcomer]

Have you looked to see if the bonjour settings are going bad? To stop & Start bonjour you have to be comfortable with the Terminal (/Applications/Utilities/Terminal). This is not a tame thing to stop/start Bonjour. Here are the Terminal commands (here):

Stop Bonjour service:

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Start Bonjour service:

sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

 

[Frobozz]

OK. First I verified thru Wireshark that the racket was still going on
Then I stopped mDNS and verified thru Activity-Mon that the entire process was stopped. Then I ran Wireshark capture and still see a continual flow of req-resp between the two.

I can't for the life of me recall how I stopped the junk two days ago .. I do remember how it started back up after starting the home network in the morning.

I tried deleting the printer from both CUPS interface and teh "Preferences" approach ... but the request-response stuff continues ... and I have tried rebooting the sys also .. tho I didn;t try it just now after stopping mDNS 'cuz it will most certainly be in the startup plist and get going before I can get into Terminal.

I have searched for viable .conf files for SNMP but anything I have modified dies not seem to be implemented/read by the system ... I was wondering if I could limit the amount if time it was on ... but like I said, I can't prove that mDNSresponder is reading anything that I have personally modified (and restarted system)

 

[agoodwin]

I had a similar issue where I wanted to stop my Mac from sending out any SNMP packets. After a whole lot of research, I found out that Mac OS X has a firewall that was retained from BSD.

The firewall program is called IPFW. Feel free to check out this site for more informaton on how to set up rules in IPFW. BTW you'll probably be wanting to block TCP and UDP ports 161 and 162.

Good luck!

 

[Satcomer]

The IPFW BSD firewall can use the free programs WaterRoof or NoobProof and use a GUI to access the IPFW.