Just Give Me the Beans!
found this thread that describes the same problem, yet no solution was ever posted to the thread before it was closed http://ubuntuforums.org/showthread.php?t=1886913
I am not interested in changing my ufw settings as the firewall is correctly blocking. I want to know how to terminate whatever is causing that multicast address to attempt a connection every 3 minutes. I don't do multicasting so I see no reason for this to be occurring.
Does anybody know a fix? I'm running 14.04 fully up to date.
Robot Pirate Ghost
Moved to Security Discussions
Splat Double Splat Triple Splat
Earn Your Keep
Don't mind me, I'm only passing through.
Once in a blue moon, I'm actually helpful.
Hooked on Manjaro
Hello and welcome to the forums,
Would it be possible for you to copy paste the log output for further analysis?
Cheers & Beers, uRock
[SIGPIC][/SIGPIC]
Just Give Me the Beans!
After investigation, I have confirmed it is not originating from my router. I'm not sure if it's originating from ubuntu itself (all computers running ubuntu have same log entries), my Cable Modem, or my ISP. Can anyone provide any more information about this, has anyone discovered anything as it appears others have experienced it too?Originally Posted by uRock
If the source is outside my router I could block/deny the traffic at my router. I am running OpenWrt but do not know how I would create a firewall setting that would block this from entry into my LAN. If anybody can help with this I would really appreciate it. Thanks.
the above log entry occurs every 2-3 minutes without stop with only the time/date changing for each entry.Code:[UFW BLOCK] IN=eth0 OUT= MAC=redacted SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Grande Half-n-Half Cinnamon Ubuntu
Your best option is still to capture traffic with Wireshark. It will be very quick and easy to see what's sending the traffic by filtering by the IPCode:ip.addr == 224.0.0.1
Knock knock.
Race condition.
Who's there?
Just Give Me the Beans!
well I could not get wireshark to work on ubuntu. so I pulled out an old windows laptop and installed wireshark on that. It is showing the MAC for the LAN-Interface of the openwrt router. I guess I was wrong in ruling out the router. I assume this means that that MAC is the origin of the 224.0.0.1 spam?
Is anyone familiar enough with openwrt to help me configure it to not be sending the 224.0.0.1 multicasts?
Grande Half-n-Half Cinnamon Ubuntu
Yah your router probably uses multicasting for upnp, so if you disable it you'll probably lose upnp.
I don't use openwrt so I'm not sure how to disable multicasting on the router. This might help as it seems pretty basic:
http://www.generationip.com/document...-with-ifconfig
Knock knock.
Race condition.
Who's there?
Woof
If you can't get wireshark to work (no reason why you shouldn't, except that it needs root privileges to perform packet capture) the tcpdump will work.
This will probably print the onfo you need:
Or if that printout isn't enough, this will capture to a file that wireshark can read:Code:tcpdump -p -n -e host 224.0.0.1
One post says that the log says PROTO=2. Protocol 2 is IGMP - Internet Group Management Protocol. My guess is that it's the local router asking if there are any hosts interested in receiving multicasts - nothing to worry about. Tcpdump (without the -w option) will possibly print enough to tell you. Failing that, opening the capture file in wireshark will tell you.Code:tcpdump -p -w capture.cap host 224.0.0.1
Just Give Me the Beans!
I have no need for UPnP. I thought it was off (or not available) in openwrt. I don't see any config allowing me to turn it off. Anyone know how toon openwrt? Is it just a matter of SSH in and run that command? I don't want to mess anything up so if someone could advise I'd be really thankful. multicast occurs on both eth0 or wlan0.Code:ifconfig eth0 -multicast
Hooked on Manjaro
I've never managed an OpenWRT product, but maybe these guys can help. https://forum.openwrt.org/index.php
Cheers & Beers, uRock
[SIGPIC][/SIGPIC]
Posting Permissions
Adv Reply
Bookmarks