
Re: Unexpected IGMP network traffic



Ralf Spenneberg writes....
> 
> On Wed, 2003-02-26 at 22.18, Cliff Kent wrote:
> > Oops... One More Time...
> > 
> Hi Cliff,
> 
> > I ran "tcpdump -X proto 2" as root for about 2 minutes today and 
> > produced a 76 Kb text file. (The same command on a RH8 box here produced 
> > nothing in an hour.)
> 
> > 
> > 13:56:52.679075 ny-auburn2c-319.aburny.adelphia.net > 
> > EXTENDED-SYS.MCAST.NET: igmp v2 report EXTENDED-SYS.MCAST.NET [ttl 1]
> > 0x0000	 4600 0020 e756 0000 0102 5ed6 1834 e53f	F....V....^..4.?
> > 0x0010	 e000 0137 9404 0000 1600 08c8 e000 0137	...7...........7
> > 0x0020	 3737 3737 3737 3737 3737 3737 3737     	77777777777777
> Can you elaborate on the IP address above?
> Is ny-auburn2c-319.aburny.adelphia.net your Linux Box?
> 
> If you want me to have a look, send me the file. 
> 
> Che
> -- 
> Ralf Spenneberg
> RHCE, RHCX
> 
> IPsec/PPTP Kernels for Red Hat Linux:  
> http://www.spenneberg.com/.net/.org/.de
> Honeynet Project Mirror:                http://honeynet.spenneberg.org
> Snort Mirror:                           http://snort.spenneberg.org
> 

Hope this doesn't confuse things, but I get something similar.
I'm running a network behind a linksys router.
I "think" I have all the garbage from outside filtered out, but
I get this when I run "tcpdump -X proto 2"

"kris.jaycrews.com" is an XP machine on the internal LAN.

Should I worry about this?
How can I filter it out?

Thanks

-- Jay Crews
jpc jaycrews com

[root scooby bin]# tcpdump -X proto 2
tcpdump: listening on eth0
12:57:26.052971 kris.jaycrews.com > IGMP.MCAST.NET: igmp v3 report, 1 group record(s) [ttl 1]
0x0000   4600 0028 6904 0000 0102 1a3a c0a8 00d3        F..(i......:....
0x0010   e000 0016 9404 0000 2200 ea03 0000 0001        ........".......
0x0020   0400 0000 efff fffa 0000 0000 0000             ..............
12:57:26.746676 kris.jaycrews.com > IGMP.MCAST.NET: igmp v3 report, 1 group record(s) [ttl 1]
0x0000   4600 0028 6913 0000 0102 1a2b c0a8 00d3        F..(i......+....
0x0010   e000 0016 9404 0000 2200 ea03 0000 0001        ........".......
0x0020   0400 0000 efff fffa 0000 0000 0000             ..............
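
Added example, not part of the original posts: a Python decoder for the two hex dumps in this thread, showing the sender, the IGMP message type and the multicast group each report names. Function and variable names are this example's own; in the second capture the reported group, 239.255.255.250, is the SSDP (UPnP discovery) address.

```python
import re
import struct
from ipaddress import IPv4Address
V2_DUMP = """
0x0000   4600 0020 e756 0000 0102 5ed6 1834 e53f   F....V....^..4.?
0x0010   e000 0137 9404 0000 1600 08c8 e000 0137   ...7...........7
0x0020   3737 3737 3737 3737 3737 3737 3737        77777777777777
"""
V3_DUMP = """
0x0000   4600 0028 6904 0000 0102 1a3a c0a8 00d3   F..(i......:....
0x0010   e000 0016 9404 0000 2200 ea03 0000 0001   ........".......
0x0020   0400 0000 efff fffa 0000 0000 0000        ..............
"""  # both dumps are copied from the tcpdump -X captures in this thread
RECORD_TYPES = {1: "IS_IN", 2: "IS_EX", 3: "TO_IN", 4: "TO_EX", 5: "ALLOW", 6: "BLOCK"}  # RFC 3376

def dump_to_bytes(dump):
    out = bytearray()
    for line in dump.splitlines():
        for tok in line.split()[1:9]:        # skip the offset, at most 8 hex groups
            if not re.fullmatch(r"[0-9a-f]{4}|[0-9a-f]{2}", tok):
                break                        # reached the ASCII column
            out += bytes.fromhex(tok)
    return bytes(out)

def checksum_ok(msg):
    total = sum(struct.unpack("!%dH" % (len(msg) // 2), msg))  # IGMP length is even
    while total >> 16:                       # fold carries (RFC 1071)
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF                   # valid message sums to all ones

def decode_igmp(dump):
    pkt = dump_to_bytes(dump)
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if pkt[0] >> 4 != 4 or pkt[9] != 2 or total_len > len(pkt):
        raise ValueError("not a complete IPv4 packet carrying IGMP")
    igmp = pkt[ihl:total_len]                # total_len cuts off the Ethernet padding
    info = {"src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
            "ttl": pkt[8], "checksum_ok": checksum_ok(igmp), "groups": []}
    if igmp[0] == 0x16:                      # IGMPv2 membership report
        info["groups"].append(("V2_REPORT", str(IPv4Address(igmp[4:8]))))
    elif igmp[0] == 0x22:                    # IGMPv3 membership report
        off = 8
        for _ in range(struct.unpack("!H", igmp[6:8])[0]):
            rtype, aux, nsrc = struct.unpack("!BBH", igmp[off:off + 4])
            info["groups"].append((RECORD_TYPES.get(rtype, rtype), str(IPv4Address(igmp[off + 4:off + 8]))))
            off += 8 + 4 * nsrc + 4 * aux    # skip source list and auxiliary data
    return info

if __name__ == "__main__":
    print(decode_igmp(V2_DUMP), decode_igmp(V3_DUMP), sep="\n")
```

A TO_EX record with an empty source list is how an IGMPv3 host joins a group, and the TTL of 1 means the report is not forwarded past the local segment.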




