ff02::1:2 = all DHCPv6 agents. Use the traffic sniffer tool, capture
some traffic to a file, download it, open in wireshark, find source MAC,
search bridge tables... stab customer repeatedly with dull rusty knife.
On 1/6/2015 11:10 AM, Seth Mattinen wrote:
On 1/6/15 8:13, Ty Featherling wrote:
We started getting calls of slow speeds on this tower and found multiple
customers that had a constant ~1.5Mbps download occuring. When I logged
into the router I saw that traffic on some ports that should be idle
(SiteMonitor for example). When I torch the traffic this is what I see.
A single IPv6 connection on the DHCP ports. while this Mikrotik router
is running 6.xx, I do NOT have the IPv6 package active since I do not
have IPv6 running on my network yet. Does anyone know what this is or
why it would be happening? I do not see it on other routers. Someone's
router plugged into this broadcast domain and trying to serve IPv6 DHCP?
I am enabling the IPv6 package so I can manage this traffic but I am
very curious what I am dealing with.
-Ty
ff02 is IPv6 multicast and fe80 are interface link local addresses.
http://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
Try and find who's doing the multicast.
~Seth
