Looks like 239.0.0.0/8 is reserved for administratively scoped multicast, in other words it should not cross administrative boundaries and is probably not globally routable. Maybe it’s looking for its local controller.
https://tools.ietf.org/html/rfc2365 From: AF <[email protected]> On Behalf Of Chuck McCown via AF Sent: Monday, November 30, 2020 1:53 PM To: 'AnimalFarm Microwave Users Group' <[email protected]> Cc: Chuck McCown <[email protected]> Subject: Re: [AFMUG] Smart wireshark dudes My first reaction is that the VFD microcontroller got PWND by someone. Kinda like the Iraqi centrifuges and our government. From: AF [mailto:[email protected]] On Behalf Of Jaime Solorza Sent: Monday, November 30, 2020 12:43 PM To: AnimalFarm Microwave Users Group <[email protected] <mailto:[email protected]> > Subject: [AFMUG] Smart wireshark dudes Running wireshark on a SCADA network and I am detecting a VFD using CIP trying to hit IP 239.192.128.229... I tried looking it up ....says Asis Pacific... Can someone give me more information on this IP? Thanks
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
