How to know what sends a broadcast packet on port 8765
2 votes, 1 answer, 208 views
While looking at the traffic on Wireshark, I noticed my computer was sending a UDP packet every three seconds on the broadcast address to the port 8765, with the content "*" (42 in ASCII). It doesn't seem to be a response to anything. The source port changes every packet.
I tried to nail down what was emitting this packet, to no avail. I tried:
* Stopping all of the non-vital services I could think of.
* Adding an iptables rule to drop the packets (this stops the packets, but doesn't help me know what emits them).
* Adding an iptables rule to stop forwarding, to see if somehow it was forwarded by my computer, but no.
* Using auditd with various parameters, but nothing matched and I couldn't even find a `write(*,*,1)`/`send(*,*,1)`/`sendto(*,*,1,*,*)`/`sendmsg`/`sendmmsg` with the right frequency. I am however not familiar with auditd.
  * `auditctl -a exit,always -F arch=b64 -S socket -F a0=2 -F a1=2` to search for creation of IPv4 UDP sockets.
  * `auditctl -a exit,always -F arch=b64 -S connect` just to look for any connections.
  * `auditctl -a exit,always -F arch=b64 -S write -S send -S sendto -F a2=1` to match `send` and `write` syscalls with length of 1.
  * `auditctl -a exit,always -F arch=b64 -S sendmsg -S sendmmsg`
  * All of the above with `-F arch=b32` instead.
* Using netstat/ss, but the socket is probably very short-lived so it doesn't show anything.
What are other ways to pin down what transmits this packet? What if it comes from the kernel or a kernel module? How could I know?
Asked by Hugal31 (225 rep), Nov 13, 2024, 01:05 PM
Last activity: Nov 13, 2024, 03:23 PM
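An added example (not part of the original question): auditd records the destination of a `sendto`/`sendmsg`/`connect` call in a SOCKADDR record as a hex dump, so the audit log can be searched by destination port 8765 instead of by payload length. The log lines, executable paths and function names below are constructed for illustration, and a little-endian host is assumed.

```python
import re
import socket
import struct
from collections import Counter, defaultdict

# Constructed sample in auditd's raw log format (not captured from the asker's machine).
# syscall=44 is sendto on x86_64; the exe paths are hypothetical.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1731503100.101:901): arch=c000003e syscall=44 success=yes exit=1 a0=5 a2=1 ppid=700 pid=4101 comm="example-agent" exe="/opt/example/agent"
type=SOCKADDR msg=audit(1731503100.101:901): saddr=0200223DFFFFFFFF0000000000000000
type=SYSCALL msg=audit(1731503101.500:902): arch=c000003e syscall=44 success=yes exit=40 a0=7 a2=28 ppid=1 pid=812 comm="resolver" exe="/usr/bin/resolver"
type=SOCKADDR msg=audit(1731503101.500:902): saddr=02000035C0A801010000000000000000
type=SYSCALL msg=audit(1731503103.102:903): arch=c000003e syscall=44 success=yes exit=1 a0=5 a2=1 ppid=700 pid=4107 comm="example-agent" exe="/opt/example/agent"
type=SOCKADDR msg=audit(1731503103.102:903): saddr=0200223DFFFFFFFF0000000000000000
"""

RECORD_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_saddr(hexstr):
    """Return (ip, port) for an AF_INET sockaddr hex dump, else None."""
    try:
        raw = bytes.fromhex(hexstr)
    except ValueError:
        return None
    # Assumption: the log comes from a little-endian host (arch=b64 in the question).
    if len(raw) < 8 or struct.unpack("<H", raw[:2])[0] != socket.AF_INET:
        return None
    return socket.inet_ntoa(raw[4:8]), struct.unpack("!H", raw[2:4])[0]

def find_senders(log_text, port=8765):
    """Count sends to `port`, grouped by (exe, ppid, destination IP)."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if m:  # records of one event share the same timestamp:serial id
            rtype, event_id, body = m.groups()
            events[event_id][rtype] = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
    hits = Counter()
    for recs in events.values():
        dest = decode_saddr(recs.get("SOCKADDR", {}).get("saddr", ""))
        if dest and dest[1] == port and "SYSCALL" in recs:
            sc = recs["SYSCALL"]
            hits[(sc.get("exe", "?"), sc.get("ppid", "?"), dest[0])] += 1
    return hits

if __name__ == "__main__":
    for (exe, ppid, ip), n in find_senders(SAMPLE_LOG).items():
        print(f"{n} packet(s) to {ip}:8765 from {exe} (ppid {ppid})")
```

Grouping by `exe` and `ppid` rather than `pid` keeps a sender visible when each packet comes from a new short-lived process.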