I came across a strange issue where I was noticing an extremely high number of UDP sessions using port 8612.¬¨‚Ä† This is not a normal port for UDP traffic or any traffic for that matter so I wondered what it was doing.¬¨‚Ä† Taking a closer look it appears that an old Cannon printer finder application had been loaded on teacher and some student machines in the past.¬¨‚Ä† This little utility was located in
/Library/Image Capture/Support/LegacyDeviceDiscoveryHelper/ directory.¬¨‚Ä† Turns out in this directory I found this app CIJScannerRegister.app.¬¨‚Ä† This worthless little app just sends out broadcast UDP packets everywhere looking for an old legacy model Canon network printer.¬¨‚Ä†¬¨‚Ä†¬¨‚Ä† Here is the deal,¬¨‚Ä† on our network we don’t have a single Canon printer, let along a canon network printer.¬¨‚Ä†¬¨‚Ä†¬¨‚Ä† What ends up happening is 100’s of machines just send out endless broadcast looking for nothing,¬¨‚Ä† this is just noise and added network congestion.
To Remove I simply used ARD (Apple Remote Desktop) and did two quick terminal commands with root access.
The first command simply kills the process which is causing the endless UDP broadcast packets.¬¨‚Ä† The second command deletes the application so cannot start again on a machine restart.
rm -rf ¬¨‚Ä†/Library/Image\ Capture/Support/LegacyDeviceDiscoveryHelpers
(Sending Command to Multiple machines – Remember must use Root account)
This greatly reduced the load on our Core switch during peak times.
Core Switch | Cisco show processes CPU command
Prior to stopping this rogue app / our core switch would hit CPU utilizations of 82-84%, ¬¨‚Ä†with this app and all the useless UDP packets being stopped the core immediately returns to a more normal activity.
(Normal CPU Utilization for Core switch)