In many cases disabling SSDP is required. This reduces the public visibility of the Packet Capture system.
Step 1 - Current Network Profile
curl -u admin:xxxxxxxx -k "https://{BMC Address}/redfish/v1/Managers/Self/NetworkProtocol" |jq
fmadio@fmadio100v2-228U:~$ curl -u admin:xxxxxx -k "https://192.168.1.100/redfish/v1/Managers/Self/NetworkProtocol" |jq
{
"@odata.context": "/redfish/v1/$metadata#ManagerNetworkProtocol.ManagerNetworkProtocol",
"@odata.etag": "W/\"1655790673\"",
"@odata.id": "/redfish/v1/Managers/Self/NetworkProtocol",
"@odata.type": "#ManagerNetworkProtocol.v1_4_1.ManagerNetworkProtocol",
"Description": "Network Protocol Details",
"HTTPS": {
"Port": 443,
"ProtocolEnabled": true
},
"HostName": "AMIE0D55E5D2156",
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
"Id": "NetworkProtocol",
"KVMIP": {
"Port": 443,
"ProtocolEnabled": true
},
"NTP": {
"NTPServers": [
"time.nist.gov",
"pool.ntp.org"
],
"Port": 123,
"ProtocolEnabled": false
},
"Name": "Manager Network Protocol",
"SNMP": {
"Port": 161,
"ProtocolEnabled": true
},
"SSDP": {
"Port": 1900,
"ProtocolEnabled": false
},
"Status": {
"Health": "OK",
"State": "Enabled"
},
"VirtualMedia": {
"Port": 443,
"ProtocolEnabled": true
}
}
fmadio@fmadio100v2-228U:~$
The import part is extracting the ekey required for the next step. In this case the value is "1655790673"
curl -u admin:xxxxxxxx -k -X PATCH
-H "Content-Type: application/json"
-H "If-None-Match: {Insert ekey}"
"https://{BMC Address}/redfish/v1/Managers/Self/NetworkProtocol"
-d '{"SSDP":{"ProtocolEnabled": false}}' | jq
Step 3 : Verify SSDP is disabled
Use the same command in Step 1 to check the status of SSDP service. It should now be "false"
curl -u admin:xxxxxxxx -k "https://{BMC Address}/redfish/v1/Managers/Self/NetworkProtocol" |jq
