Odd UDP packets

Does anyone know what these packets are for? While doing a Wireshark to troubleshoot an issue I found the phones are constantly sending a 4 byte UDP packet of “0d0a0d0a” to the server on port 5060. It’s not a SIP packet, and it is coming from all the phones, local and remote (this example only is showing the local phones). This customer does have random issues I cannot identify. The stations are chan_sip but again, these are from the phones (S505 and S705 phones) so I do not believe the system has anything to do with it, but you never know.

These are keepalive packets sent periodically to keep the NAT association open when the phone is remote and behind a NAT. Assuming that your phones are on the same LAN as the PBX, you could turn this off (in the phone configuration) if desired, as the intended function is unnecessary.

Normally, the packets are sent e.g. every 30 seconds, are harmless and represent a negligible system load. However, you show 3 packets from .104 within 30 milliseconds, which is unusual. If you have 3 or more ‘lines’ configured to register to the same server, this is expected, provided that they don’t keep coming at that rate.

Ahh, that makes sense. Yes, it’s a bit strange on the frequency and the fact it’s not going through a NAT. I will look at where to turn that off. Yes, all the phones are sending like two or more per second. Wouldn’t the OPTIONS ping be enough to keep the NAT open?

Normally, yes. But if a temporary network outage causes the association to time out, subsequent OPTIONS requests won’t reopen it. However, the outbound keepalives will keep it open, so an incoming call (received after the network came back to life) will get through.

I don’t have these phones but you should be able to find the setting in EPM. If not, log into the phone’s web interface and disable keepalive there.
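The reasoning in this thread (a 4-byte `0d0a0d0a` keepalive, roughly every 30 seconds, arriving in short bursts when several lines register to the same server) can be applied to a capture export to find phones that send far more often than that. This is an added example, not code from any poster or from the phone or PBX vendor; the packet tuples, addresses, 0.1-second burst window and half-interval threshold are constructed assumptions.

```python
from collections import defaultdict

KEEPALIVE = bytes.fromhex("0d0a0d0a")  # CRLF CRLF, the payload seen in the thread
SIP_METHODS = (b"REGISTER", b"INVITE", b"OPTIONS", b"ACK", b"BYE", b"CANCEL",
               b"SUBSCRIBE", b"NOTIFY")

def classify(payload: bytes) -> str:
    """Label a UDP/5060 payload as 'keepalive', 'sip' or 'other'."""
    if payload == KEEPALIVE:
        return "keepalive"
    first = payload.split(b"\r\n", 1)[0]
    is_request = first.startswith(SIP_METHODS) and first.endswith(b" SIP/2.0")
    if is_request or first.startswith(b"SIP/2.0 "):
        return "sip"
    return "other"

def burst_starts(times, burst_window=0.1):
    """Collapse keepalives within burst_window seconds of a burst's first
    packet (one per registered line) and return each burst's start time."""
    starts = []
    for t in sorted(times):
        if not starts or t - starts[-1] > burst_window:
            starts.append(t)
    return starts

def noisy_sources(packets, expected_interval=30.0, burst_window=0.1):
    """Return {src: shortest gap between bursts} for sources whose keepalive
    bursts repeat in under half the expected interval (assumed threshold)."""
    by_src = defaultdict(list)
    for ts, src, payload in packets:
        if classify(payload) == "keepalive":
            by_src[src].append(ts)
    flagged = {}
    for src, times in by_src.items():
        starts = burst_starts(times, burst_window)
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        if gaps and min(gaps) < expected_interval / 2:
            flagged[src] = round(min(gaps), 3)
    return flagged

# Constructed sample: (seconds, source IP, UDP payload) as exported from a capture.
SAMPLE = (
    [(t, "192.0.2.104", KEEPALIVE) for t in (0.0, 0.010, 0.025, 30.0, 30.012, 30.020)]
    + [(t, "192.0.2.117", KEEPALIVE) for t in (0.0, 0.5, 1.0, 1.5)]
    + [(2.0, "192.0.2.10", b"OPTIONS sip:pbx.example SIP/2.0\r\nCSeq: 1 OPTIONS\r\n\r\n")]
)

if __name__ == "__main__":
    print(noisy_sources(SAMPLE))
```

In the sample, 192.0.2.104 sends three-packet bursts 30 seconds apart (three lines, expected), while 192.0.2.117 repeats every half second and is the one reported.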
