interesting multicast packet
Eric Vyncke (evyncke)
evyncke at cisco.com
Fri Mar 21 14:54:04 CET 2014
And Stig, if you are using our 'employer-paid' laptop sold by Cupertino,
then, you are also sending those packets... I discovered this 'feat' last
week when sniffing traffic from my own laptop...
The use of organization-scope multicast is nice but the ::2 is indeed
awkward
-éric
On 20/03/14 23:22, "Stig Venaas" <stig at venaas.com> wrote:
>Hi
>
>On 2/27/2014 8:16 AM, Gert Doering wrote:
>> Hi,
>>
>> On Wed, Feb 26, 2014 at 10:57:07PM -0600, Frank Bulk wrote:
>>> I suggest using Microsoft Network Monitor
>>> (http://www.microsoft.com/en-us/download/details.aspx?id=4865) to
>>>identify
>>> the processing sending out that traffic.
>>
>> We did. It says "unknown"...
>>
>> But I think Daniel's find is spot-on, as
>>
>>
>>https://malwr.com/analysis/ZDg2MzhjNmJhOGIxNGNiM2I2NmRkMTMzODBkZjllYmY/
>>
>> shows the string we saw in the packet (click on "static analysis" ->
>> "strings" -> "RELARELAY_RESPONDRELA"), a "McAffee Framework Service" is
>> indeed installed and that "seems to be a known side effect" - though
>> nobody seems to have observed this on IPv6 yet...
>
>Sorry for this late reply, but it doesn't make much sense that it is
>sent to the all routers address.
>
>Stig
>
>> Gert Doering
>> -- NetMaster
>>
>
More information about the ipv6-ops
mailing list