PC showing IGMP incoming from 0.0.0.0
-
I have a Win10 PC on the LAN segment with Comodo firewall installed.
In the logs I am seeing IGMP from 0.0.0.0 to 224.0.0.1 inbound being blocked. I don't see this in the pfSense logs.
Is it normal or snooping? How can I find the origin of it?
-
Packet capture in pfSense, locate the packet and look at the MAC address or Wireshark on the PC.
-
@NogBadTheBad But what is it? I don't see it on the other WiFi segments, only on the LAN one.
-
IGMP is multicast.
https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol
-
http://bradhedlund.com/notes/multicast/
IGMP general group query messages (sent by the router to hosts) contain 0.0.0.0 and are sent by default every 125 seconds. IGMP queries are sent to 224.0.0.1 (the all multicast hosts address). IGMP Membership Reports are sent by the hosts on a LAN segment, reporting to the router which multicast groups they are listening for.
Your firewall shouldn't log that for starters ;)
Yes, it's IGMP snooping - you prob have it turned on via your switch or something. I turn it off - because I am not using any multicast on my network. Since I'm not using it - it's noise that can be removed from the network.
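
Added example, not part of the thread: a small Python parser that takes one raw frame from a packet capture, checks whether it is an IGMP general query like the one in the firewall log, and returns the source MAC address that identifies the sending device. It assumes an untagged Ethernet II frame; the sample frame and its MAC address are constructed for illustration.

```python
import socket
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_igmp_frame(frame):
    """Parse an untagged Ethernet II / IPv4 / IGMP frame; None if it is not one."""
    if len(frame) < 14 + 20 + 8:
        return None
    src_mac = frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # not IPv4 (or VLAN-tagged)
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IGMP usually carries the Router Alert option, so IHL > 20
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8 or ip[9] != 2:
        return None
    igmp_type, max_resp = ip[ihl], ip[ihl + 1]
    info = {
        "src_mac": fmt_mac(src_mac),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "igmp_type": igmp_type,
        "max_resp_s": max_resp / 10,  # field is in tenths of a second
        "group": socket.inet_ntoa(ip[ihl + 4:ihl + 8]),
    }
    # General query: type 0x11, group field 0.0.0.0, sent to all-hosts 224.0.0.1
    info["general_query"] = (igmp_type == 0x11 and info["group"] == "0.0.0.0"
                             and info["dst_ip"] == "224.0.0.1")
    return info

# Constructed sample frame (made-up querier MAC 02:aa:bb:cc:dd:ee), not a real capture.
SAMPLE = bytes.fromhex(
    "01005e000001" "02aabbccddee" "0800"       # Ethernet: dst, src, EtherType
    "46c00020" "00000000" "01024417"           # IPv4: IHL=6, TTL=1, proto=2 (IGMP)
    "00000000" "e0000001" "94040000"           # src 0.0.0.0, dst 224.0.0.1, Router Alert
    "1164ee9b" "00000000"                      # IGMP: query, max resp 10 s, group 0.0.0.0
)

if __name__ == "__main__":
    q = parse_igmp_frame(SAMPLE)
    print(f"{q['src_ip']} -> {q['dst_ip']} general_query={q['general_query']} "
          f"sent by MAC {q['src_mac']}")
```

The returned `src_mac` is the value to look up in the switch's MAC address table or the router's ARP table to find which device is sending the queries.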