Odd traffic in router log

Discussion in 'Networking (Hardware & Software)' started by Thums, 2007/09/20.

  1. 2007/09/20
    Thums

    Thums Inactive Thread Starter

    Hello all. This is my first time posting anything, so don't get ****** off if I can't give u all the necessary info u need to know:) I have a SpeedStream 5450 router with firewall enabled and NAT enabled. Today when I came home from work I noticed this odd traffic in my router log.

    D:19:0 Prot=2 172.30.155.126:4362 ->224.0.0.1:61173 Len=28 Id=42113 df=0 Mf=0 byte -off=0

    There are something like a hundred lines of this and every minute comes a new one?? My gateway has IP 192.168.254.254 and my two comps behind the gateway of course have the 192 starting IPs. What can this traffic be? Maybe a Trojan or something?? I have Windows XP Pro SP2 in both of my comps and Sunbelt firewall. I checked the Sunbelt firewall logs and I can't find any kind of mark of traffic like that above. Thnx Anyways!

    And great forum u have!

    best regards Thums
     
  2. 2007/09/20
    ReggieB

    ReggieB Inactive Alumni

    224.0.0.1 is a multicast address. That is, it is used to send broadcasts to a restricted number of systems. 224.0.0.1 is specific to the current subnet.

    172.30.0.0 addresses are in a private address space that won't be valid over the internet.

    So neither address is going to be a valid reply address. So I doubt this is part of any two-way communication. I also do not think your router will pass those packets onto the internet connection.

    Therefore, there is an outside possibility this is a part of a denial of service type of attack, but I don't think so.

    Much more likely it is something inside your network in a default discovery mode.

    If you install Wireshark (newest version of Ethereal), you should be able to identify the MAC address of the device sending out the packets. Wireshark will also allow you to see the information being sent out within the packets.
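
A way to read the logged line itself, as an added example that is not part of the original thread: it parses the router entry, classifies both addresses, and, because IP protocol 2 is IGMP and has no ports, decodes the two "port" numbers as the first four bytes of the IGMP message. That the router prints those bytes in the port columns and that the IP header carries no options are assumptions; the function and field names are made up for this sketch.

```python
import ipaddress
import re

# Log line copied from the first post in this thread.
SAMPLE = ("D:19:0 Prot=2 172.30.155.126:4362 ->224.0.0.1:61173 "
          "Len=28 Id=42113 df=0 Mf=0 byte -off=0")

LINE_RE = re.compile(
    r"Prot=(?P<proto>\d+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+Len=(?P<length>\d+)")

IGMP_TYPES = {0x11: "Membership Query", 0x12: "IGMPv1 Membership Report",
              0x16: "IGMPv2 Membership Report", 0x17: "Leave Group"}

def igmp_checksum(first_word, group=0):
    """One's-complement checksum of an 8-byte IGMP message (checksum field = 0)."""
    total = first_word + (group >> 16) + (group & 0xFFFF)
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def analyze(line):
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("unrecognised log line")
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    sport, dport = int(m["sport"]), int(m["dport"])
    info = {
        "proto": int(m["proto"]),
        "src_private": src.is_private,          # RFC 1918 range, not routable
        "dst_multicast": dst.is_multicast,      # inside 224.0.0.0/4
        "payload_len": int(m["length"]) - 20,   # assumes no IP options
    }
    if info["proto"] == 2:                      # IP protocol 2 is IGMP: no ports
        # Assumption: the router printed IGMP bytes 0-1 and 2-3 as "ports".
        info["igmp_type"] = IGMP_TYPES.get(sport >> 8, "unknown")
        info["max_resp_seconds"] = (sport & 0xFF) / 10   # units of 0.1 s
        # A general query carries group 0.0.0.0; compare the logged checksum.
        info["general_query_checksum_ok"] = igmp_checksum(sport) == dport
    return info

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```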
     

  4. 2007/09/20
    Thums

    Thums Inactive Thread Starter

    Thanks for the reply..:) I'll try the Ethereal and hopefully figure out the not hoped traffic
     
