----- Original Message ----- From: "Jeff Gutierrez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, February 16, 2002 7:21 PM Subject: Re: [plug] 192.168.100.1?
> #this is an igmp message (proto=2) using multicast address (224.0.0.1 = > #all-host multicast group address) coming from 192.168.100.1. > # > #your 192.168.100.1 is acting as multicast router.. try to see if this host > #is running any multicast routing daemon. > # > > What got me confused is I don't have a host with an IP of 192.168.100.1. My homenet network address is 192.168.0.0. I grep-ed for "\.100" in /etc just to see if I have it somewhere in one of the config files, but no dice. > > I followed the instructions in the doc. Tonton Rabena sent, and these were the results: the /proc/net/igmp file isn't available, and `netstat -gn` returned "no support form AF_INET (igmp) on this system". > > I'd appreciate any information. ok its a very interesting that maybe someone spoof the ip address of 192.168.100.1 or your router is capable to relay igmp message from the outside of your network. multicast ip address 224.0.0.1 (all-host multicast group) can flood your network if all network devices are not properly configured... try to ping 224.0.0.1 and lots of network devices will reply if it is not properly configured... fortunately as you said, its frequency is every 3 minutes so it wont affect your network much. to find your culprit, run tcpdump at root like this: #tcpdump -e host 224.0.0.1 -e will print the link-level header or its mac address both for source and destination mac address... with this even if the ip address is spoofed, link level will show where the source coming from... if the mac address is equal to your gateway router, then your router is capapable to relay igmp message from outside.. otherwise, the culprit is inside your network topology. fooler. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
