interesting multicast packet
Stig Venaas
stig at venaas.com
Thu Mar 20 23:22:54 CET 2014
Hi
On 2/27/2014 8:16 AM, Gert Doering wrote:
> Hi,
>
> On Wed, Feb 26, 2014 at 10:57:07PM -0600, Frank Bulk wrote:
>> I suggest using Microsoft Network Monitor
>> (http://www.microsoft.com/en-us/download/details.aspx?id=4865) to identify
>> the processing sending out that traffic.
>
> We did. It says "unknown"...
>
> But I think Daniel's find is spot-on, as
>
> https://malwr.com/analysis/ZDg2MzhjNmJhOGIxNGNiM2I2NmRkMTMzODBkZjllYmY/
>
> shows the string we saw in the packet (click on "static analysis" ->
> "strings" -> "RELARELAY_RESPONDRELA"), a "McAffee Framework Service" is
> indeed installed and that "seems to be a known side effect" - though
> nobody seems to have observed this on IPv6 yet...
Sorry for this late reply, but it doesn't make much sense that it is
sent to the all routers address.
Stig
> Gert Doering
> -- NetMaster
>
More information about the ipv6-ops
mailing list