On Fri, 21 Nov 2008 06:50:04 -0600 Dale <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I noticed a little modem activity while I was idle. I wasn't sure
> what it was so I used wireshark to capture and exported it. I did a
> google search and even read the wikipedia thing but I'm still not
> sure what to make of this. Here is what I got from wireshark:
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> No.  Time        Source           Destination  Protocol  Info
> 20   113.958458  209.244.187.170  224.0.0.1    IGMP      V2 Membership Query, general
>
> Frame 20 (44 bytes on wire, 44 bytes captured)
>     Arrival Time: Nov 21, 2008 06:41:55.382585000
>     [Time delta from previous captured frame: 29.711333000 seconds]
>     [Time delta from previous displayed frame: 29.711333000 seconds]
>     [Time since reference or first frame: 113.958458000 seconds]
>     Frame Number: 20
>     Frame Length: 44 bytes
>     Capture Length: 44 bytes
>     [Frame is marked: False]
>     [Protocols in frame: sll:ip:igmp]
>     [Coloring Rule Name: Routing]
>     [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp]
> Linux cooked capture
>     Packet type: Unicast to us (0)
>     Link-layer address type: 512
>     Link-layer address length: 0
>     Source: <MISSING>
>     Protocol: IP (0x0800)
> Internet Protocol, Src: 209.244.187.170 (209.244.187.170), Dst: 224.0.0.1 (224.0.0.1)
>     Version: 4
>     Header length: 20 bytes
>     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>         0000 00.. = Differentiated Services Codepoint: Default (0x00)
>         .... ..0. = ECN-Capable Transport (ECT): 0
>         .... ...0 = ECN-CE: 0
>     Total Length: 28
>     Identification: 0x7a8b (31371)
>     Flags: 0x00
>         0... = Reserved bit: Not set
>         .0.. = Don't fragment: Not set
>         ..0. = More fragments: Not set
>     Fragment offset: 0
>     Time to live: 1
>     Protocol: IGMP (0x02)
>     Header checksum: 0xd1b4 [correct]
>         [Good: True]
>         [Bad : False]
>     Source: 209.244.187.170 (209.244.187.170)
>     Destination: 224.0.0.1 (224.0.0.1)
> Internet Group Management Protocol
>     IGMP Version: 2
>     Type: Membership Query (0x11)
>     Max Response Time: 10.0 sec (0x64)
>     Header checksum: 0xee9b [correct]
>     Multicast Address: 0.0.0.0 (0.0.0.0)
>
> 0000  00 00 02 00 00 00 00 00 00 00 00 00 00 00 08 00   ................
> 0010  45 00 00 1c 7a 8b 00 00 01 02 d1 b4 d1 f4 bb aa   E...z...........
> 0020  e0 00 00 01 11 64 ee 9b 00 00 00 00               .....d......
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Ideas? Thanks

Hmm, it looks like an IGMP multicast group membership query. I have seen the (SAP) service discovery function of VLC broadcasting those (or something similar, I might be mixing up things here).

On http://www.networksorcery.com/enp/protocol/igmp.htm I found:

"0x11 Group Membership Query, general or group-specific. General Query is used to learn which groups have members on an attached network. Group-Specific Query is used to learn if a particular group has any members on an attached network. These two messages are differentiated by the Group Address."

I hope this is of some help,

Patric
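
As an added example (not part of the original thread): a Python sketch that decodes the 44 bytes from the hex dump quoted above, verifies the IP and IGMP checksums, and uses the Group Address to tell a general query from a group-specific one, as the quoted reference describes. The function names are illustrative, and the 16-byte Linux cooked capture header layout is assumed from the Wireshark decode shown.

```python
import struct

# The 44 captured bytes, copied from the hex dump in the quoted message.
FRAME = bytes.fromhex(
    "0000020000000000" "0000000000000800"   # 16-byte Linux cooked (SLL) header
    "4500001c7a8b0000" "0102d1b4d1f4bbaa" "e0000001"  # 20-byte IPv4 header
    "1164ee9b" "00000000"                    # 8-byte IGMP message
)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; yields 0 when run over data whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dotted(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)

def parse_igmp_frame(frame: bytes) -> dict:
    if len(frame) < 16 + 20 + 8:
        raise ValueError("frame too short for SLL + IPv4 + IGMP")
    if struct.unpack("!H", frame[14:16])[0] != 0x0800:
        raise ValueError("SLL payload is not IPv4")
    ip = frame[16:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 2 or total_len > len(ip):
        raise ValueError("not a well-formed IPv4/IGMP packet")
    igmp = ip[ihl:total_len]
    if len(igmp) < 8:
        raise ValueError("IGMP message truncated")
    msg_type, max_resp, group = igmp[0], igmp[1], igmp[4:8]
    if msg_type != 0x11:
        kind = f"other IGMP type 0x{msg_type:02x}"
    elif group == b"\x00\x00\x00\x00":
        kind = "general query"          # asks about all groups
    else:
        kind = "group-specific query"   # asks about one group only
    return {
        "src": dotted(ip[12:16]), "dst": dotted(ip[16:20]), "ttl": ip[8],
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "igmp_checksum_ok": inet_checksum(igmp) == 0,
        "kind": kind, "group": dotted(group),
        "max_response_sec": max_resp / 10,  # field is in tenths of a second
    }

if __name__ == "__main__":
    for key, value in parse_igmp_frame(FRAME).items():
        print(f"{key:18} {value}")
```

For the captured frame this reports a general query from 209.244.187.170 to 224.0.0.1 with TTL 1 and both checksums valid, matching the Wireshark decode.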

