New problem solver
•
39 Messages
DPC3939B traffic to 224.0.0.1
Greetings,
I have noticed traffic coming from the DPC3939B gateway to 224.0.0.0 this seem to be multicast but multicast is blocked at the gateway and also blocked at server level. under my circunstances is this traffic normal? is there a way to stop it? thank you.
May 15 10:38:24 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24871 PROTO=2
May 15 10:40:28 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24873 PROTO=2
May 15 10:42:34 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24875 PROTO=2
May 15 10:44:39 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24877 PROTO=2
May 15 10:46:44 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24879 PROTO=2
May 15 10:48:49 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24881 PROTO=2
May 15 10:50:53 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24883 PROTO=2
May 15 10:52:59 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24885 PROTO=2
May 15 10:55:03 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24887 PROTO=2
May 15 10:57:09 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24889 PROTO=2
May 15 10:59:14 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24891 PROTO=2
May 15 11:01:19 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24893 PROTO=2
May 15 11:03:23 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24895 PROTO=2
May 15 11:05:29 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24897 PROTO=2
May 15 11:07:33 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24899 PROTO=2
May 15 11:09:38 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24901 PROTO=2
May 15 11:11:44 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24903 PROTO=2
May 15 11:13:49 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24905 PROTO=2
May 15 11:15:54 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24907 PROTO=2
May 15 11:17:59 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24909 PROTO=2
May 15 11:20:04 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24911 PROTO=2
May 15 11:22:09 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24913 PROTO=2
May 15 11:24:14 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24915 PROTO=2
May 15 11:26:19 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24917 PROTO=2
May 15 11:28:24 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24919 PROTO=2
May 15 11:30:29 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24921 PROTO=2
May 15 11:32:34 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24923 PROTO=2
May 15 11:34:38 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24925 PROTO=2
May 15 11:36:44 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24927 PROTO=2
May 15 11:38:49 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24929 PROTO=2
May 15 11:40:54 src=GA.TE.WAY.IP DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24931 PROTO=2
Accepted Solution
aic
New problem solver
•
39 Messages
10 years ago
Rich I turned off wifi on that second router and the trafic coming from the gateway is still coming to 224.0.0.1. something else is keeping it going but I do not see the source.
0
VBSSP-RICH
Advocate
•
1.4K Messages
10 years ago
Hello aic,
From what device and facility are you seeing this coming in on? This could be multicast from one of your wifi devices broadcasting functions that is not totally disabled.
0
0
aic
New problem solver
•
39 Messages
10 years ago
Hello Rich, thanks for taking this on.
all wifi on the gateway is off, private and public.
I do provide Wifi but is provided from another router thru an assigned a public ip.
the traffic I am concerned comes from the cisco gateway, one way, I see no reason for this traffic
0
0
train_wreck
Gold Problem solver
•
610 Messages
10 years ago
What you are seeing is the Cisco gateway attempting to participate in the "Internet Group Management Protocol (IGMP. See wikipedia http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol )
I see the same thing. Here is a packet trace:
[root@pLAN9-Server2 /]# tcpdump -pni external ip dst 224.0.0.1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on external, link-type EN10MB (Ethernet), capture size 262144 bytes 13:04:47.163084 IP 10.1.10.1 > 224.0.0.1: ICMP router advertisement lifetime 22:30 1: {10.1.10.1 0}, length 16 13:04:47.164068 IP 10.1.10.1 > 224.0.0.1: ICMP router advertisement lifetime 22:30 1: {50.252.78.6 0}, length 16 13:05:55.390668 IP 10.1.10.1 > 224.0.0.1: igmp query v3 13:05:55.394290 IP 50.252.78.6 > 224.0.0.1: igmp query v3As far as I can tell, there is no way to disable it. It doesn't really hurt anything or cause trouble, but if you are running your own routers, they will likely not be responding to these requests, and so the Cisco just keeps spewing these requests out out.
0
aic
New problem solver
•
39 Messages
10 years ago
Thanks train_wreck for taking this on.
The server firewall is dropping that traffic but is filling up the logs, the second router has a way to turn of IGMP and is off.
The cisco probably has a way to turn it off too, but is not user configurable, perhaps Comcast_Jon or Comcast_Jacob can check/confirm the IGMP setting and turn off if requested, I am hereby requesting it.
http://en.wikipedia.org/wiki/IGMP_snooping
http://en.wikipedia.org/wiki/Multicast_Listener_Discovery
http://www.networksorcery.com/enp/protocol/igmp.htm
thanks in advance @support
0