ND5XS2 - Turned off but reaching out to WAN over TCP?

Can anyone confirm if their Naim streamer is reaching out to your WAN over TCP even if it is switched off?

I am very security aware and notice my Naim ND5XS2 streamer is reaching out to two IPs even after the ND5XS2 has been switched off for 4 hours. I stopped listening to my streamer before football started today, and nearly 4 hours later I still see established states over the TCP protocol.

The middle state I understand. This is mDNS and is completely normal.

The other two states appear to be Google servers, one in the UK and one in Brussels.

My ND5XS2 is completely isolated on its own VLAN with no other network devices allowed on there, fully locked down.

Any network specialist on here finding the same behavior?

I’d guess: Either it’s looking for software updates, or it’s sharing usage data.

See here

There need be no guessing nowadays. is Google.
224 is private IP addressing (i.e. not sent to internet). Port 5353 is discovery. is Google.

Google search can tell you what these addresses are for and what things like port 5228 are.

Just like your mobile phone, is it ever truly “off” if a power source is available….


Did you even read my post? You’ve repeated what I already said in my OP.

It appears Naim are selling our data to Google. I’m currently packet sniffing and can now see what requests are being made. Luckily I’m already blocking Google from sniffing my privacy so they get nothing back from me - but I can’t stop the ND5 XS2 from constantly trying to reach out.

What makes me angry about all this is the GDPR hoops I have to jump through with my job, but Google analytics can try to monitor my every move 24/7.

I’m sorry, but that stinks!

The first reply to your post showed it’s all common knowledge.

No secrets.

A forum search would have quickly answered your question.

No network specialism required.

I do hope you don’t browse the internet, given most sites send data to Google analytics or similar trackers.

I presume you would also never use any mobile devices with data services?

Do you use any streaming music services via your ND5XS2, or access internet radio? Oh dear……


Yeah there must be a lot of valuable data you are leaking there. I expect a big corporation or a nation state would pay 0.000001p for a year’s worth of such data.

@IainO - you are completely missing the entire point and I am unable to educate you unfortunately.

I appreciate my Android/Google phone reaches out to Google as that is obvious! What I didn’t realise is the need for my Naim gear to reach out to Google - and certainly not when my streamer isn’t even switched on.

Well I shall remain uneducated whilst you remain tracked.

Define valuable data.

You know it has chromecast in it?
All the answers have been provided by Steve already. I guess if you want you can try to block all that data, but then you might prevent or disable some of the functions of the streamer from working.

That is my point. There is no valuable data about how you use your ND5 XS2. No-one has the least interest.

The data must be valuable to someone, otherwise why collect it in the first place? I’m just looking for clarification as to what the data actually is.

I did think my question was quite legitimate. Eeek.

Looks like I’ve stopped all these handshakes now, so all sorted. Cheers for the help people. :grin:

Spot on, and is a group multicast address on your home network… so goes nowhere near the internet/WAN. It is a multicast discovery address when using the shown port on your home network subnet, almost certainly mDNS/Bonjour.
Further addresses can’t be routed, so it logically cannot communicate outside of your home network subnet, even if you wanted to. So given that the OP has created a separate subnet for their streamer, they are crippling some capabilities with their other home network subnets unless they have programmed helpers within their internal router.

It’s worth knowing in domestic consumer network audio, most applications are designed to work using network methods that work within a single subnet/broadcast domain.
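
The distinction drawn in the posts above, between the multicast discovery state and the states that actually leave the LAN, can be checked mechanically. This is an added example, not part of the original thread; the state rows are constructed, 10.0.50.10 is a hypothetical streamer address, and the 192.0.2.x / 198.51.100.x documentation addresses stand in for internet hosts.

```python
import ipaddress

# 224.0.0.0/24 is the local network control block: routers never forward it.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed state-table rows: (proto, source, destination, dst_port, state).
SAMPLE_STATES = [
    ("tcp", "10.0.50.10", "192.0.2.10", 5228, "ESTABLISHED"),
    ("udp", "10.0.50.10", "224.0.0.251", 5353, "NO_TRAFFIC"),      # mDNS group
    ("tcp", "10.0.50.10", "198.51.100.20", 443, "ESTABLISHED"),
    ("udp", "10.0.50.10", "239.255.255.250", 1900, "NO_TRAFFIC"),  # SSDP group
    ("udp", "10.0.50.10", "10.0.50.1", 53, "MULTIPLE"),            # local resolver
]


def classify(dst: str) -> str:
    """Say how far a packet to this destination can travel."""
    ip = ipaddress.ip_address(dst)
    if ip in LINK_LOCAL_MCAST:
        return "multicast-link-local"   # stays on the subnet, e.g. mDNS
    if ip.is_multicast:
        return "multicast-scoped"       # crosses subnets only via a helper
    if any(ip in net for net in RFC1918):
        return "private-unicast"        # internal, may cross VLANs via router
    return "routed-offsite"             # leaves via the default gateway


def offsite_states(states):
    """Return only the states whose destination is outside the home network."""
    return [s for s in states if classify(s[2]) == "routed-offsite"]


if __name__ == "__main__":
    for proto, src, dst, port, state in SAMPLE_STATES:
        print(f"{proto:3} {src} -> {dst}:{port:<5} {state:12} {classify(dst)}")
```

Only the two TCP rows are reported as leaving the network; the port 5353 and port 1900 rows are multicast discovery and never reach the WAN.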


Sure…But if you’ve set up VLANs then you’ll likely also know the need for some inter VLAN routing – you would need one directional communication for access and control at the minimum….

With UniFi at least, Multicast across networks is a one box tick of the mDNS option in global network settings…(Though knowing UniFi it probably doesn’t work 100% :rofl:)

I currently have my audio in the main ‘trusted’ network…but you could argue the case whether it actually belongs in an IoT subnet…

And I agree – there’s a heavy manufacturer presumption that devices will be homed and operated in a typically flat 192.x.x.x network run out of an ISP one box router/modem ….


See the link in the first reply written by the director of software at Naim, it’s all explained.

Yeah I wouldn’t get hung up with VLANs, that is simply trunking multiple subnets together down a trunk with tagging. Those VLANs will represent separate subnets which will need to be routed, using a router with routing tables.
Helping mDNS with a tick box across the router sounds like a preprogrammed helper. However you will need other helpers for SSDP (which uses a different multicast group address) as used in UPnP as well. It can all get quite involved… and really of marginal if any benefit.
Partitioning subnets like this for ‘security’ reasons is very old school, and not really that effective unless a firewall or equivalent such as SDLAN contracts are used.

BTW the single broadcast domain used for home networks with IPv4 can equally be Class A, B or C. Class C networks (192.168.x.x) can only have a max subnet size of /24 which is 254 host addresses, which for most home networks is sufficient. Increasingly IPv6 is not constrained this way, and for IoT I suggest really is better managed in an IPv6 defined subnet.

Well of course…in my case the UXG Pro’s own. If I was ever to change from that, would probably be pfSense I guess.

Re VLANs, I’m not so sure they’re that old school…! Seem to be increasingly practiced even at a domestic level, let alone business and commercial…Aside to elements of security, I like the logical separation they offer within a network…

Yes of course. I was just meaning that ‘for most’ end users, home networks are set up in typical default styles out of the supplied ISP router, most often a flat Class C.

VLANs are not old school in themselves, I use them much of the time; using them as some elementary network micro segmentation method for ‘security’ reasons via a non firewalled or equivalent router is… and of questionable benefit and unnecessary complexity, it adds no effective network security when using switches… other than with very large sub networks where you might want to manage and limit broadcast domain overheads.

If you like the idea of object defined networking, you should look at software defined LANs (SDLAN)… but as far as I am aware such tools and fabric type switches are not readily available for consumer home networks… also network based security these days is increasingly focussed on user/service based authentication via AD and/or certificates or similar, rather than relying totally on network segmentation boundary controls… but I guess home network products and services will take some years to catch up as they usually do.

The best home network security methods you can do these days are to ensure all hygiene products, product patches and operating system patches are up to date and current, and practice good hygiene methods on emails, web sites and software downloaded.

You don’t need any fancy home network product setup…

Which state is the system in?
Network connected standby? (E.g. via the app, the remote, a short press on the front button, or via standby timer.)
In this state the unit is not off - you can wake it from the app, the remote, or also AirPlay/Chromecast/… (depending on which inputs are enabled.)

You can also send the system to soft-off, usually via a long press on the power button at the front of the unit. I never checked, but I’d expect the unit to be “dead to the network” in this state.
