IGMP Traffic
-
Recently switched from a residential to business class account and I've taken notice of a lot of these IGMP traffic in the logs. I don't recall seeing so many when I was on residential. I was hoping if someone could tell me if this is normal?
http://i.imgur.com/3JeSkCe.jpg
10.1.10.1 is the IP of the Business Gateway/Modem (as if I were to connect a computer directly to a port on the gateway/modem itself this is the IP I would use to access it/its web GUI configuration). 224.0.0.1 is from what I read (albeit, I admit, don't fully understand) the multicast IP, which is sent to find "who" all is on the network, or something along those lines? (where does it originate, I don't know) then the masked .238 is the an outside IP assigned for pfSense (if I'm saying that correctly), in other words in System -> Routing -> Gateways, it is the IP address in "Gateway" and "Monitor IP".
Just curious if this is normal to see this every three-five minutes in the Firewall Logs? If you wish to explain just what it is I'm saying, I'd appreciate that very much as well, to learn a little something from it all.
-
<shrug>Anyone?</shrug>
-
It's possible that it's looking for something different now (e.g. IPTV) than on your old class of service.
Without asking specifics for a given provider it's impossible for anyone to say whether or not it's normal for that provider.
It is multicast traffic so it cannot leave its segment, so it must be originating from the gateway device.
-
Im getting the same flooding my logs. Have you found a way to hide these from the logs?
-
Well you could easy not log it by just creating a rule that either allows it or blocks it but doesn't log on your wan to the dest and protocol. The first 2 are not igmp but icmp (pings)
You could sniff the traffic and maybe glean what its looking for.