Skip to main content
Forum FAQ's
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Masses of Multicast stream started/ended/leave/join events in EE router log

ConfusedRaccoon
Investigator
Investigator

‎18-11-2022 07:17 PM

As title, my PC x.x.x.13 is spamming masses of Multicast events, joining, leaving every 10 seconds or so.

 

Read more
18:54:53, 18 Nov. Multicast event client leave group:224.168.100.1 client:192.168.1.13
18:54:53, 18 Nov. Multicast stream ended by client 192.168.1.13
18:54:43, 18 Nov. Multicast stream started by client 192.168.1.13
18:54:43, 18 Nov. Multicast event client join group:224.168.100.1 client:192.168.1.13
18:54:43, 18 Nov. Multicast stream request. client:192.168.1.13 group:224.168.100.1
18:54:43, 18 Nov. Multicast stream started by client 192.168.1.13

It's constant, and hits the  Limit of MCST log after 15 minutes or so.

I have no idea what the 224.168.100.1 is The unknown IP seems to be part of a multicast network, but I've no idea what or why it's happening. Is there any way I can track it down? Maybe something like Grammerly is trying to update its data base or something, I don't know.

 

 

0 Helpful
11 REPLIES 11
Mustrum
Ace Contributor
Ace Contributor

‎18-11-2022 08:15 PM

According to a quick look, it is connecting to About us (iana.org)

Not sure who tho. I would disconnect from the internet and run virus checkers and Malwarebytes to see if anything is picked up.

0 Helpful
XRaySpeX
Grand Master
Grand Master
In response to Mustrum

‎18-11-2022 08:36 PM

@Mustrum : No, it isn't! They are the peeps who have overall control & management of all domains & IPs. They assign them but they don't run them. 

The OP's PC is connecting as a client to a Multicast host, whose IPs has been reserved by IANA for just that purpose.

As the OP I would thoroughly check what programs are running on his PC. The command netstat -b 5 might assist.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)
0 Helpful
ConfusedRaccoon
Investigator
Investigator

‎18-11-2022 09:47 PM

Thanks for the replies, watching the netstat -b 5 now. Seeing a lot of nvidia and firefox. A couple of somerthings called gwctlsrv.exe and gwidlmon.exe, but they seem to be windows services. A handful of search app.exe which is the windows search iirc? and

Malwarebytes just flagged cheatengine and and old file used for nicehash

Netlimiter isn't showing anything that seems supisious, lots of stuff I don't understand.

Could it be DNS related? I've got cloudfare as default and then googles as secondary.

I'm also skimming through the windows firewall rules to see if anything stands out, but... not much.

0 Helpful
XRaySpeX
Grand Master
Grand Master
In response to ConfusedRaccoon

‎18-11-2022 10:52 PM - edited ‎18-11-2022 10:52 PM

Does netstat show the IP 224.168.100.1 as a Foreign Addy?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)
0 Helpful
ConfusedRaccoon
Investigator
Investigator
In response to XRaySpeX

‎18-11-2022 11:03 PM - edited ‎18-11-2022 11:06 PM

I'm not seeing 224.168.100.1 on the netstat.

I'm seeing it on the EE tech log: Multicast event client join group:224.168.100.1 client:192.168.1.13 -edit- thinking about it, that's just a group and there are no other ip's grouped apart from my local machine, so probably not the culprit. This is the first time I've come across this sort of thing, so learning as I'm going, hopfully. I may post to reddit as well, as it seems like it may not be an EE thing, but rather something else I need to dig out. Maybe.

This is what the netstat looks like.

Read more
Netstat.png

Not sure what this searchapp is or what it's doing, I'm not activly searching for anything and Cortana is turned as off as I could get it without gutting windows 10. I should mention, Raccoon-War is my PC's name, Raccoon-Warren, but windows cut's it short.

0 Helpful
XRaySpeX
Grand Master
Grand Master
In response to ConfusedRaccoon

‎18-11-2022 11:15 PM

In computer networking, multicast is group communication where data transmission is addressed to a group of destination computers simultaneously, the others of which you wouldn't be aware of.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)
0 Helpful
ConfusedRaccoon
Investigator
Investigator
In response to XRaySpeX

‎19-11-2022 12:34 AM

Ok thanks.

I'm not sure if I should be worried about this, how can I stop this behaviour? Find the culprit and delete it or can I disable the ability somewhere?

0 Helpful
XRaySpeX
Grand Master
Grand Master
In response to ConfusedRaccoon

‎19-11-2022 02:51 AM - edited ‎19-11-2022 03:28 AM

No, but it would be nice to have an explanation.

You could try taking down the non-Windows processes 1 by 1 and see if it goes away. 

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)
0 Helpful
ConfusedRaccoon
Investigator
Investigator
In response to XRaySpeX

‎19-11-2022 03:21 AM

I'll keep this tab open and post if/when I get an answer. Thanks.

0 Helpful