# 3702/UDP - Pentesting WS-Discovery

{{#include ../banners/hacktricks-training.md}}

## Basic Information

The **Web Services Dynamic Discovery Protocol (WS-Discovery)** is identified as a protocol designed for the discovery of services within a local network through multicast. It facilitates the interaction between **Target Services** and **Clients**. Target Services are endpoints available for discovery, while Clients are the ones actively searching for these services. Communication is established using **SOAP queries over UDP**, directed to the multicast address **239.255.255.250** and UDP port **3702**.

Upon joining a network, a Target Service announces its presence by broadcasting a **multicast Hello**. It remains open to receiving **multicast Probes** from Clients that are on the lookout for services by Type, an identifier unique to the endpoint (e.g., **NetworkVideoTransmitter** for an IP camera). In response to a matching Probe, a Target Service may send a **unicast Probe Match**. Similarly, a Target Service could receive a **multicast Resolve** aimed at identifying a service by name, to which it may reply with a **unicast Resolve Match** if it is the intended target. In the event of leaving the network, a Target Service attempts to broadcast a **multicast Bye**, signaling its departure.

![](<../images/image (689).png>)

**Default port**: 3702

```
PORT     STATE         SERVICE
3702/udp open|filtered unknown
| wsdd-discover:
|   Devices
|     Message id: 39a2b7f2-fdbd-690c-c7c9-deadbeefceb3
|     Address: http://10.0.200.116:50000
|_    Type: Device wprt:PrintDeviceType
```

{{#include ../banners/hacktricks-training.md}}