I've looked all over the Internet trying to find a good solution to my problem, to no avail.
Lately, we are seeing our LAN brought to its knees by mDNS floods.
When analyzing the traffic using WireShark, I am seeing that numerous devices are broadcasting and responding using UDP port 5353 to a multicast IP address of 18.104.22.168.
Most of these devices are laptops and PCs with iTunes installed, and the bonjour service running. The same happens for printers with bonjour enabled, and any iPods and iPhones that connect to the wireless network.
I keep turning off Bonjour on each PC, and printer, and tell each user to disconnect their iPod or iPhone from the company wireless network, but all it takes is one person to get a new iPhone or iPod, and it starts happening again.
What can I do to track down the specific culprit (if there is one), and/or what can be done on a larger/centralized scale to avoid the micromanagement nightmare of kicking all of these devices off the network one by one?
Embedded is an image showing the traffic in WireShark.