Security Incidents mailing list archives

Re: strange packets


From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 27 Jun 2001 00:28:23 +0200 (CEST)

On Mon, 25 Jun 2001, Jason R. Seats wrote:

max wrote:

224.0.0.0-239.255.255.255 are multicast addresses. That machine is
probably somehow misconfigured and is trying to talk to a multicast group,
to be more precise, is trying to join a multicast group. Might be a
software issue, if that machine is running something like cuseeme (or any
other real time conferencing software) software, that could explain it.

It is happening from every machine on the local subnet, with some
occasional traffic to other mcast ip's like:

SVRLOC.MCAST.NET.427
SVRLOC-DA.MCAST.NET.427
MICROSOFT-DS.MCAST.NET.42

Sounds like an open and shut case of Microsoft machines blurting their
packets all over town.

also,
IGMP to 224.0.0.2

This is mostly seen with RIP.

None of these should in itself be a problem. However if every workstation
starts to yell this all over the network you may find that a switched
network is taking a significant hit.

It seems that every generation of Windows is sending out more broadcasts
than the previous ones. Sounds like a lot of fun.

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.
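
Added example, not part of the original message: a small triage script that picks multicast destinations (224.0.0.0-239.255.255.255) out of a packet log, labels the groups named in the thread, and counts how many distinct hosts are sending to each one. The `tcpdump -n` style log lines are constructed, and the group-to-address table comes from the IANA multicast registry rather than from the thread.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# IANA-registered groups for the names seen in the thread (assumed mapping,
# taken from the IANA multicast address registry, not from the post itself).
KNOWN_GROUPS = {
    "224.0.0.1": "all-systems",
    "224.0.0.2": "all-routers",
    "224.0.0.9": "RIP2-routers",
    "224.0.1.22": "SVRLOC",
    "224.0.1.24": "MICROSOFT-DS",
    "224.0.1.35": "SVRLOC-DA",
}
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0-239.255.255.255

# Constructed sample capture (tcpdump -n style); not data from the post.
SAMPLE = """\
12:00:01.000001 IP 192.168.1.10.1025 > 224.0.1.22.427: UDP, length 49
12:00:01.200000 IP 192.168.1.11.1030 > 224.0.1.22.427: UDP, length 49
12:00:02.000000 IP 192.168.1.10 > 224.0.0.2: igmp leave 224.0.1.22
12:00:02.500000 IP 192.168.1.12.1044 > 224.0.1.35.427: UDP, length 52
12:00:03.000000 IP 192.168.1.10.1026 > 192.168.1.1.53: UDP, length 30
12:00:03.100000 IP 192.168.1.11.1031 > 239.255.255.250.1900: UDP, length 133
"""

# Source and destination IPv4 address, each with an optional trailing port.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def summarize(text):
    """Map (group address, label) -> Counter of source hosts sending to it."""
    per_group = defaultdict(Counter)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst = m.groups()
        if ipaddress.ip_address(dst) not in MULTICAST:
            continue  # unicast traffic is not of interest here
        per_group[(dst, KNOWN_GROUPS.get(dst, "unlisted"))][src] += 1
    return per_group

def report(per_group):
    """Rows of (group, label, distinct senders, packets), sorted by group."""
    return [(dst, label, len(srcs), sum(srcs.values()))
            for (dst, label), srcs in sorted(per_group.items())]

if __name__ == "__main__":
    for dst, label, hosts, pkts in report(summarize(SAMPLE)):
        print(f"{dst:16} {label:14} hosts={hosts} packets={pkts}")
```

A high distinct-sender count for one group is the "every workstation yelling" pattern described above; a single sender points at one misconfigured host instead.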





----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

