Re: Help!!

["Eric McCarty" <eric () piteduncan com>]

First off, Multicast = > 1 Address. Unicast = 1 Address. Broadcast = All
addresses. 

Next, since the source IP's are apparently on your LAN I would say sniff
the traffic from those machines, I would bet its spyware/adware
communications. 

Good luck.

Eric.

On Thu, 2005-03-10 at 18:59 -0600, Jose Alberto Arce wrote:
> Hi all.
> I've seen since last monday on my network, some addresses sending 
> multicast to address 234.11.11.12, using UPD 8991. I googled a little 
> bit and I didn't find anything related to that multicast. Last two 
> packets captured are:
>
> 17:29:43.295448 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id
> 4299, offset 0, flags [none], length: 85) xxx.xxx.xxx.xxx.1034 >
> 234.11.11.12.8991: UDP, length: 57
> 17:29:43.311066 ethertype IPv4 (0x0800), length 99: IP (tos 0x0, ttl 3, id
> 4300, offset 0, flags [none], length: 85) xxx.xxx.xxx.xxx.1034 >
> 234.11.11.12.8991: UDP, length: 57
>
> Any ideas of what device or program might be producing this traffic?
> Thanks
> OA
-- 
Eric C. McCarty

Systems Administrator
Pite Duncan & Melmet, LLP
eric () piteduncan com
619 590-1300 x 2060

Attachment: signature.asc
Description: This is a digitally signed message part