That sounds like a plan. Thanks. -Ty
On Tue, Jan 6, 2015 at 12:08 PM, George Skorup (Cyber Broadcasting) < [email protected]> wrote: > ff02::1:2 = all DHCPv6 agents. Use the traffic sniffer tool, capture some > traffic to a file, download it, open in wireshark, find source MAC, search > bridge tables... stab customer repeatedly with dull rusty knife. > > > On 1/6/2015 11:10 AM, Seth Mattinen wrote: > >> On 1/6/15 8:13, Ty Featherling wrote: >> >>> We started getting calls of slow speeds on this tower and found multiple >>> customers that had a constant ~1.5Mbps download occuring. When I logged >>> into the router I saw that traffic on some ports that should be idle >>> (SiteMonitor for example). When I torch the traffic this is what I see. >>> A single IPv6 connection on the DHCP ports. while this Mikrotik router >>> is running 6.xx, I do NOT have the IPv6 package active since I do not >>> have IPv6 running on my network yet. Does anyone know what this is or >>> why it would be happening? I do not see it on other routers. Someone's >>> router plugged into this broadcast domain and trying to serve IPv6 DHCP? >>> I am enabling the IPv6 package so I can manage this traffic but I am >>> very curious what I am dealing with. >>> >>> -Ty >>> >> >> >> >> ff02 is IPv6 multicast and fe80 are interface link local addresses. >> >> http://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast- >> addresses.xhtml >> >> Try and find who's doing the multicast. >> >> ~Seth >> > >
