Re: strange packets

From: Hugo van der Kooij (hvdkooijat_private)
Date: Tue Jun 26 2001 - 15:28:23 PDT


    On Mon, 25 Jun 2001, Jason R. Seats wrote:
    
    > max wrote:
    > >
    > > 224.0.0.0-239.255.255.255 are multicast addresses. That machine is
    > > probably somehow misconfigured and is trying to talk to a multicast group,
    > > to be more precise, is trying to join a multicast group. Might be a
    > > software issue, if that machine is running something like cuseeme (or any
    > > other real time conferencing software) software, that could explain it.
    >
    > It is happening from every machine on the local subnet, with some
    > occasional traffic to other mcast ip's like:
    >
    > SVRLOC.MCAST.NET.427
    > SVRLOC-DA.MCAST.NET.427
    > MICROSOFT-DS.MCAST.NET.42
    
    Sounds like an open and shut case of Microsoft machines blurting their
    packets all over town.
    
    > also,
    > IGMP to 224.0.0.2
    
    This is mostly seen with RIP.
    
    None of these should in itself be a problem. However if every workstation
    starts to yell this all over the network you may find that a switched
    network is taking a significant hit.
    
    It seems that every generation of Windows is sending out more broadcasts
    than the previous ones. Sounds like a lot of fun.
    
    Hugo.
    
    -- 
    All email sent to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
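
Added illustration, not part of the original message or thread: a Python sketch that counts how many distinct hosts send to each multicast destination, which is the measurement behind "every machine on the local subnet". The capture lines and their simplified tcpdump-like format are constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a simplified tcpdump-like format (not from the thread).
# 224.0.1.22 and 224.0.1.35 are the IANA SVRLOC and SVRLOC-DA groups.
SAMPLE = """\
15:01:02.100 192.168.1.10.1030 > 224.0.1.22.427: udp 49
15:01:02.350 192.168.1.11.1027 > 224.0.1.22.427: udp 49
15:01:03.020 192.168.1.10 > 224.0.0.2: igmp
15:01:03.500 192.168.1.12.1041 > 224.0.1.35.427: udp 52
15:01:04.000 192.168.1.10.137 > 192.168.1.255.137: udp 50
15:01:04.200 192.168.1.11 > 224.0.0.2: igmp
15:01:05.900 192.168.1.12 > 224.0.0.2: igmp
"""

MULTICAST = ipaddress.ip_network("224.0.0.0/4")       # 224.0.0.0-239.255.255.255
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # never forwarded off the link

# timestamp, source IP with optional port, '>', destination IP with optional port
LINE = re.compile(r"^\S+ (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")


def multicast_talkers(capture):
    """Map each multicast destination to the set of sources that sent to it."""
    talkers = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a line in the expected format
        try:
            src, dst = (ipaddress.ip_address(a) for a in m.groups())
        except ValueError:
            continue  # digits that do not form a valid IPv4 address
        if dst in MULTICAST:  # unicast and subnet broadcast are ignored
            talkers[dst].add(src)
    return dict(talkers)


def report(capture):
    """Return (group, scope, distinct source count) rows sorted by group address."""
    rows = []
    for group, sources in sorted(multicast_talkers(capture).items()):
        scope = "link-local control" if group in LOCAL_CONTROL else "forwardable"
        rows.append((str(group), scope, len(sources)))
    return rows


if __name__ == "__main__":
    for group, scope, count in report(SAMPLE):
        print(f"{group:<12} {scope:<20} {count} source(s)")
```
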
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 17:20:17 PDT