I just plugged in a couple tp-link wirless access points and found that while they work fine, I am now seeing traffic going from their internal ip's to a 239.255.255.250 which is nothing on my network. Researching that ip, it looks like it might be related to ssdp? I looked through all the settings and see nothing about ssdp. I also turned off everything I could find in the ap - upnp, firewall, dhcp, etc. (I am only using it as a basic wireless access point on to the lan).
Any ideas?
This is indeed a multi-cast address used by ssdp. Among other things printers use this to advertize that they are IPP capable. Windows PC's can do this as well if the have the MS webserver (IIS) running.
Your access-points (and your internet facing router) simply send it along as they consider it normal outgoing traffic. (Most routers automatically block outgoing multi-casts when they are NATTING as it makes no sense to send this kind of traffic to the internet. Some routers are smart enough to block 224...* multi-cast, but let 239...* through.)
Contrary to popular believe this, by itself is NOT UPNP related. It is of course possible that a UPNP capable device used UPNP to tell the router to open the firewall for this traffic.
This is often associated with UPnP. The address 239.255.255.250 is not a "valid" internet address but used for other purposes. Looking it up with WHOIS will report "reserved for special purposes" The traffic may be a device on your network using UPnP
