In your local network setup all services heavily rely on a properly working Bonjour service (dns-sd), because you have no local domain name service.
To detect propagated dns-sd services of a host use the following command (please replace "ip-address" below by the ip-address of your Mac named user-mbp; use ifconfig -a on that Mac to get it):
dig _services._dns-sd._udp.local ptr @ip-address -p 5353
The dig output of a well working Bonjour service of a host looks like this :
; <<>> DiG 9.8.5-P1 <<>> _services._dns-sd._udp.local ptr @192.168.177.9 -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37167
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_services._dns-sd._udp.local. IN PTR
;; ANSWER SECTION:
_services._dns-sd._udp.local. 10 IN PTR _ssh._tcp.local.
_services._dns-sd._udp.local. 10 IN PTR _sftp-ssh._tcp.local.
;; Query time: 4 msec
;; SERVER: 192.168.177.9#5353(192.168.177.9)
;; WHEN: Wed Jul 29 02:00:16 CEST 2015
;; MSG SIZE rcvd: 94
As you can see I have only one service enabled: ssh (+ sftp-ssh)
To detect and get the names of all local hosts providing a special service (in my example ssh, check for more services here) use:
dns-sd -B _ssh._tcp local
If you want to skip detection after a while just enter ctrlC.
My output:
Browsing for _ssh._tcp.local
Timestamp A/R Flags if Domain Service Type Instance Name
2:51:05.778 Add 2 4 local. _ssh._tcp. MyMac
If you don't get a similar results, your dns-sd is broken and all other tools like ping, nslookup (and consequently all tools relying on that like ssh) will not work in your namespace since you don't have a local DNS-server as alternative. The DNS-server in your router (usually a DNS caching only server) as well as the DNS-servers of your ISP and the superior root servers know nothing about your local network and namespace.
To temporarily fix this (check man dns-sd) the following - executed on user-mbp - should work:
dns-sd -R user-mbp _ssh._tcp. local 22
You may even propagate a user and a password (I didn't test that and i don't know how that should work or how secure it is):
dns-sd -R user-mbp _ssh._tcp. local 22 u=<username> p=<password>
To permanently fix this, first update to 10.10.4 with the Combo Updater, check the search domain settings of your router's DHCP-server, delete all caches (e.g. with Onyx or Yosemite Cache Cleaner), use a *.local name (e.g. user-mbp.local instead of user-mbp) where appropriate (e.g. Sharing Prefs, shell), don't use "local" as search domain in your network prefs and then repair your Bonjour service with several answers provided here at stackexchange or if nothing helps alternatively set-up dnsmasq.
P.S. You should always use the full Bonjour-name (e.g. user-mbp.local) to address a local host/device using dns-sd. The reason to do so is the following:
A lot of routers provide a search domain for easier configuration if on-board DHCP is enabled or propagate an ISP connection specific domain name. Examples: The default search domain of my Fritz!Box is "fritz.box", the default search domain for some DLink routers seems to be "local".
If your Mac uses DHCP to assign an IP, the default search domain will be applied also. In my case pinging "myothermac" automatically appends ".fritz.box" and the host myothermac.fritz.box will be probed. If you don't have a DNS-server in your local network with a primary zone "fritz.box." containing a host with the name "myothermac", the command ping myothermac will fail. Unlike to ping myothermac.local, which should work if Bonjour is set-up properly.
Since most routers aren't Bonjour-aware, change any default search domain settings containing "*.local" or "local" or apparently some DLink routers with an empty search domain to something else like "happy.home" to avoid any conflicts with the Bonjour service.
Best Answer
Without more information about what monitoring tool you're using and exactly what it's showing, it's hard to say for sure what's going on. But I can tell you a little bit. mDNSResponder has three main jobs on OS X:
Sending out multicast DNS (mDNS aka Bonjour) lookups to the local network on port 5353 (and listening for responses). These include both looking up names (e.g. "I'm trying to contact somethingorother.local; what's its IP address?") and looking up available services (e.g. "what computers on the local network provide AFP file sharing services?").
Listening for and responding to mDNS lookups that apply to it. For example, if its Bonjour name is xxxs-MacBook-Pro.local and it sees a request for xxxs-MacBook-Pro.local, it'll reply with its IP address(es). Similarly, if you have AFP file sharing turned on and it sees a request for AFP servers, it'll reply ("Me! I'm xxx's MacBook Pro and I provide AFP service on port 548!").
Sending out normal (unicast) DNS lookups on port 53 to some DNS server (and listening for responses). Names that end in ".local" get sent out via mDNS; everything else (e.g. "www.apple.com") gets sent via normal DNS to the server(s) configured in the network settings.
If you're seeing activity on port 53, that's normal DNS. I'm not sure why you're seeing it as an incoming connection (unless it's really a reply to request you sent out?), or why the source would be your own computer. For those, I'd need more detailed info about what you're seeing.