On Sat, 04 Aug 2012, Paul Zimmerman wrote:
> JulHer <jul...@escomposlinux.org> writes:
>
> > 239.255.255.250 maybe is SSDP
> > http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
> > The other stuff I don't know,
>
> That's a possibility, I guess. But it's not an intermittent
> or occasional thing. And it doesn't run for a bit and then
> stop. This is a constant 10-14k stream of data coming from
> somewhere. What I don't understand is why the multicast IP
> address would be the source, and the router IP would be the
> destination, and yet it shows up streaming into MY computer.
> (I don't control the AP.) Why would data streaming from an
> abstract address TO the router/AP be incoming to my system?
>
> If I boot Windows XP on the same machine (it's dual boot)
> and connect to the same AP I don't see this. And before these
> latest updates I didn't see it in Linux either. So WHAT
> changed in those updates? And why does it make the AP send
> this continuous stream at me?

Install package wireshark. Add to it a filter "host 239.255.255.250" and capture ~5s worth of traffic to a file. Gzip it, and send it attached.

You may send it to the debian-security list [WARNING: debian-security IS a public list] instead of debian-user. If you send it to debian-security, please send it attached to an email where you summarize this thread, so that people there will know what you're talking about.

Alternatively you may use 'tcpdump' instead of wireshark. Run "tcpdump -s 1600 -i any -w /tmp/output.tcpdump.bin host 239.255.255.250", and stop it with ^C after 5-10s. It will save the packet dump to /tmp/output.tcpdump.bin, which you should gzip or xz'ip before attaching.

While you're doing the capture, just in case, DO NOT engage in any other activities, do not have your browser, mail user agent, or any other programs open that could send credentials over the wire (such as email logins, etc) just in case the wireshark filter is not correct and it ends up capturing packets with data you'd rather keep private.

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
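
The message above warns that a wrong filter could put unrelated traffic into a dump destined for a public list. As an added example (not part of the original message), this Python sketch reads an uncompressed classic pcap file such as the one "tcpdump -w" writes, lists any packet that does not involve 239.255.255.250, and summarises who is sending what to that address. The names `audit_pcap` and `sample_capture` are hypothetical, and the sample capture is constructed from documentation addresses.

```python
import collections, socket, struct

GROUP = "239.255.255.250"  # multicast address discussed in the thread

def audit_pcap(data, group=GROUP):
    """Return (Counter of (src, dst, first payload line), indexes of packets not involving group)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    # Link header length: 1 = Ethernet, 113 = Linux cooked capture (SLL), used for "-i any"
    l2 = {1: 14, 113: 16}.get(linktype)
    if l2 is None:
        raise ValueError("unsupported link type %d" % linktype)
    flows, outside, off, idx = collections.Counter(), [], 24, 0
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt, off, idx = data[off + 16:off + 16 + caplen], off + 16 + caplen, idx + 1
        ip = pkt[l2:]
        # Both link types keep the EtherType in the last two header bytes
        if len(ip) < 20 or pkt[l2 - 2:l2] != b"\x08\x00":
            outside.append(idx)  # not IPv4, so it cannot match the host filter
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if group not in (src, dst):
            outside.append(idx)  # unrelated traffic: do not publish this dump
            continue
        label = "ip-proto-%d" % ip[9]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] == 17 and len(ip) >= ihl + 8:  # UDP: keep the SSDP start line, if any
            label = ip[ihl + 8:].split(b"\r\n", 1)[0].decode("ascii", "replace")
        flows[(src, dst, label)] += 1
    return flows, outside

def sample_capture():
    """Constructed 3-packet capture (documentation addresses), not data from the thread."""
    def pkt(src, dst, payload):
        udp = struct.pack("!HHHH", 1900, 1900, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)) + udp
        frame = struct.pack("!HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800) + ip
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    notify = b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n"
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1600, 113)
    return (header + pkt("192.0.2.1", GROUP, notify) * 2
            + pkt("192.0.2.50", "198.51.100.7", b"unrelated"))

if __name__ == "__main__":
    print(audit_pcap(sample_capture()))
```

An empty second list means every captured packet involved the multicast address; run the check on the dump before gzipping it.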