Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

what is the multicast doing on 224.0.0.251? [closed]

Tags:

dns

debian

mdns

On my debian server (squeeze) I get this message every few seconds:

Sep 18 21:28:14 myhost kernel: [7903784.720091] AIF:UNPRIV connect attempt: IN=eth0 OUT= MAC= SRC=my_serverip_eth0 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52

the packets are coming from inside my server (i replaced it with my_serverip_eth0) and seem to be blocked going out to the destination 224.0.0.251.

So some task inside my server is contacting 224.0.0.251 and this is blocked by my arnos_firewall.

How can I find out who or which task is trying to do that and if it is useful or not?

And if I don't need it, how can I suppress that message then?

like image 751
rubo77 Avatar asked Sep 18 '12 19:09

rubo77

People also ask

What are addresses in the 224.0 0.0 range used for?

The range of addresses between 224.0. 0.0 and 224.0. 0.255, inclusive, is reserved for the use of routing protocols and other low-level topology discovery or maintenance protocols, such as gateway discovery and group membership reporting.

What are 224 IP addresses?

Addresses in the range 224.0. 1.0 to 224.0. 1.255 are individually assigned by IANA and designated as the internetwork control block. This block of addresses is used for traffic that must be routed through the public Internet, such as for applications of the Network Time Protocol using 224.0.

How many multicast addresses are there?

The multicast addresses are in the range 224.0. 0.0 through 239.255. 255.255. Address assignments are listed below.

2 Answers

Those look much like Bonjour / mDNS requests to me. Those packets use multicast IP address 224.0.0.251 and port 5353.

The most likely source for this is Apple iTunes, which comes pre-installed on Mac computers (and is a popular install on Windows machines as well). Apple iTunes uses it to discover other iTunes-compatible devices in the same WiFi network.

mDNS is also used (primarily by Apple's Mac and iOS devices) to discover mDNS-compatible devices such as printers on the same network.

If this is a Linux box instead, it's probably the Avahi daemon then. Avahi is ZeroConf/Bonjour compatible and installed by default, but if you don't use DNS-SD or mDNS, it can be disabled.

like image 79
Suman Avatar answered Sep 18 '22 14:09

Suman

If you don't have avahi installed then it's probably cups.

like image 42
dangerguy Avatar answered Sep 16 '22 14:09

dangerguy
Sign in to Comment

Related questions

MySQL Query to Count Unique Domains from Email Address field
How to fix: Domain does not resolve to the GitHub Pages server. Error in Github Pages for custom domain setup with Enforce HTTPS Enabled?
Requesting A and AAAA records in single DNS query
Using GoDaddy Domain Hosting to link to Amazon S3 Website [closed]
How to assign domain names to containers in Docker?
Docker apt-get update fails
Too many DNS lookups in an SPF record
htaccess redirect all pages to single page
preconnect vs dns-prefetch resource hints
xn-- on domain, what it means?
How secure is HTTP_ORIGIN?
How to get the domain value for a cookie in Javascript?
How to create own domain extension? [closed]
how do i to forward domain.com to www.domain.com at godaddy for s3 hosted site?
Can I have a route53 subdomain in a different Hosted Zone?
Getting the IP address of server in ASP.NET?
How would you parse a url in Ruby to get the main domain?
How to redirect siteA to siteB with A or CNAME records [closed]
Simple DNS Server in Node.JS? (Primary/Authoritative DNS Server) (maybe ndns?)
How do I make a custom subdomain on Firebase?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!