18-11-2022 07:17 PM
As title, my PC x.x.x.13 is spamming masses of Multicast events, joining, leaving every 10 seconds or so.
It's constant, and hits the Limit of MCST log after 15 minutes or so.
I have no idea what the 224.168.100.1 is The unknown IP seems to be part of a multicast network, but I've no idea what or why it's happening. Is there any way I can track it down? Maybe something like Grammerly is trying to update its data base or something, I don't know.
18-11-2022 08:15 PM
According to a quick look, it is connecting to About us (iana.org)
Not sure who tho. I would disconnect from the internet and run virus checkers and Malwarebytes to see if anything is picked up.
18-11-2022 08:36 PM
@Mustrum : No, it isn't! They are the peeps who have overall control & management of all domains & IPs. They assign them but they don't run them.
The OP's PC is connecting as a client to a Multicast host, whose IPs has been reserved by IANA for just that purpose.
As the OP I would thoroughly check what programs are running on his PC. The command netstat -b 5 might assist.
18-11-2022 09:47 PM
Thanks for the replies, watching the netstat -b 5 now. Seeing a lot of nvidia and firefox. A couple of somerthings called gwctlsrv.exe and gwidlmon.exe, but they seem to be windows services. A handful of search app.exe which is the windows search iirc? and
Malwarebytes just flagged cheatengine and and old file used for nicehash
Netlimiter isn't showing anything that seems supisious, lots of stuff I don't understand.
Could it be DNS related? I've got cloudfare as default and then googles as secondary.
I'm also skimming through the windows firewall rules to see if anything stands out, but... not much.
18-11-2022 10:52 PM - edited 18-11-2022 10:52 PM
Does netstat show the IP 224.168.100.1 as a Foreign Addy?
18-11-2022 11:03 PM - edited 18-11-2022 11:06 PM
I'm not seeing 224.168.100.1 on the netstat.
I'm seeing it on the EE tech log: Multicast event client join group:224.168.100.1 client:192.168.1.13 -edit- thinking about it, that's just a group and there are no other ip's grouped apart from my local machine, so probably not the culprit. This is the first time I've come across this sort of thing, so learning as I'm going, hopfully. I may post to reddit as well, as it seems like it may not be an EE thing, but rather something else I need to dig out. Maybe.
This is what the netstat looks like.
Not sure what this searchapp is or what it's doing, I'm not activly searching for anything and Cortana is turned as off as I could get it without gutting windows 10. I should mention, Raccoon-War is my PC's name, Raccoon-Warren, but windows cut's it short.
18-11-2022 11:15 PM
In computer networking, multicast is group communication where data transmission is addressed to a group of destination computers simultaneously, the others of which you wouldn't be aware of.
19-11-2022 12:34 AM
Ok thanks.
I'm not sure if I should be worried about this, how can I stop this behaviour? Find the culprit and delete it or can I disable the ability somewhere?
19-11-2022 02:51 AM - edited 19-11-2022 03:28 AM
No, but it would be nice to have an explanation.
You could try taking down the non-Windows processes 1 by 1 and see if it goes away.
19-11-2022 03:21 AM
I'll keep this tab open and post if/when I get an answer. Thanks.