Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

what is the multicast doing on 224.0.0.251? [closed]

Tags:

dns

debian

mdns

On my debian server (squeeze) I get this message every few seconds:

Sep 18 21:28:14 myhost kernel: [7903784.720091] AIF:UNPRIV connect attempt: IN=eth0 OUT= MAC= SRC=my_serverip_eth0 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52

the packets are coming from inside my server (i replaced it with my_serverip_eth0) and seem to be blocked going out to the destination 224.0.0.251.

So some task inside my server is contacting 224.0.0.251 and this is blocked by my arnos_firewall.

How can I find out who or which task is trying to do that and if it is useful or not?

And if I don't need it, how can I suppress that message then?

like image 751
rubo77 Avatar asked Sep 18 '12 19:09

rubo77


People also ask

What are addresses in the 224.0 0.0 range used for?

The range of addresses between 224.0. 0.0 and 224.0. 0.255, inclusive, is reserved for the use of routing protocols and other low-level topology discovery or maintenance protocols, such as gateway discovery and group membership reporting.

What are 224 IP addresses?

Addresses in the range 224.0. 1.0 to 224.0. 1.255 are individually assigned by IANA and designated as the internetwork control block. This block of addresses is used for traffic that must be routed through the public Internet, such as for applications of the Network Time Protocol using 224.0.

How many multicast addresses are there?

The multicast addresses are in the range 224.0. 0.0 through 239.255. 255.255. Address assignments are listed below.


2 Answers

Those look much like Bonjour / mDNS requests to me. Those packets use multicast IP address 224.0.0.251 and port 5353.

The most likely source for this is Apple iTunes, which comes pre-installed on Mac computers (and is a popular install on Windows machines as well). Apple iTunes uses it to discover other iTunes-compatible devices in the same WiFi network.

mDNS is also used (primarily by Apple's Mac and iOS devices) to discover mDNS-compatible devices such as printers on the same network.

If this is a Linux box instead, it's probably the Avahi daemon then. Avahi is ZeroConf/Bonjour compatible and installed by default, but if you don't use DNS-SD or mDNS, it can be disabled.

like image 79
Suman Avatar answered Sep 18 '22 14:09

Suman


If you don't have avahi installed then it's probably cups.

like image 42
dangerguy Avatar answered Sep 16 '22 14:09

dangerguy