Announcement

Collapse
No announcement yet.

What is this IP?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • What is this IP?

    I've noticed a big slowdown communicating on the web on one computer. Using NetProbe I found an address (239.251.255.255) that seems to be consuming tremendous amounts of bandwidth. It's using a "ether.IP.UDP.odn-castraq" protocol and ether.IP.UDP.unknown too.

    Looking at my network card conversations, I also found several references to FIRST INTERNAT'L COMPUTER,INC (multicast) which seem to be consuming the bulk. I'm suspicios that this may be a probe or worm or something but my scans (virus checker and SpyBot) found nothing.
    I don't know about the "protocol port" as it is identified as 1.2048.17.2498.

    Anyone know how to figure this out?

  • #2
    G-Dude,
    Have you run AD Aware to see if you have any spy-ware, ad-ware, etc. This tool is free and does a pretty good job of clearing off junk-ware.
    -Rupp
    sigpic

    Comment


    • #3
      Rupp,
      Do you have a link?
      (By the way, I just blocked ports 2048-2498 and I seem to be running much better!)

      Comment


      • #4
        http://download.com.com/3000-2144-10...age&tag=button
        -Rupp
        sigpic

        Comment


        • #5
          Rupp,
          Thanks, I download Ad-Ware and ran a check.
          It found 3 items, but none of them seem to be what I found in my initial message.

          I have not restarted the computer yet, so I'm not 100% sure, but this thing still seems to be running. I got my speed back by blocking the ports but the packets and bytes seem to be getting bigger. (It may be trying but not getting through, and I'm still not sure about the ports thing.)

          Comment


          • #6
            Well,

            I found the website for First International.
            It's here.

            Why would a mother board / video card manufacturer want ot be connected to the net? And why is it all of a sudden that this is consuming my bandwidth?
            Maybe this is not the problem.?
            The source address is01:00:5e:7b:ff:ff and the destination is 00:40:ca:65:66:5b. Are these mac addresses and does this mean they are on my computer?

            This is still a mystery!

            Comment


            • #7
              Those look like they are MAC addresses (the hardware address of network devices). You can find out if one of them is on your computer by typing 'ipconfig /all' at a command prompt. In the output from that command is a 'Physical Address' line. That will tell you the MAC address of your network card(s). If it matches one of the two, it sounds like 'it' (virus, trojan, worm) is either trying to send or receive using your network card.

              Dick
              Dick
              HS PRO 2.5.0.81, WinXP, IE8, Shuttle XS35V3, 2.13GHz, 4GB, 40GB SSD drive, AC-RF2, ADIOcelot, Message Server, TI103, SNEVL CID, pjcOutlook, MCSTemperature, Powertrigger, BLBackup, BLFloorplan, BLIcon, BLOccupied, BLRadar, BLRfid, BLLogMonitor, ACPUPSD, UltraECM, WeatherXML & Stipus' script connector. 500+ devices, 260+ events, 1-wire weather station + temp/humidity sensors & Oregon Scientific temp & humidity sensors & 2 Brultech ECM-1240s

              Comment


              • #8
                this is a multicast address, it isn't someone form the outside trying to hit you. These addresses are usually used by Video Streaming servers and some clients. Are you running any of these?

                01-00-5e-7b-ff-ff is a multicast MAC address
                00:40:ca:65:66:5b looks like a RealTek MAC to me (probably 8139) so this is probably the PC trying to broadcast or is doing something with the multicast data.
                HSPRO 2.4 (ESXi 4.1) | my.Alert NEW | my.Trigger | HSTouch | ACRF2 | UltraM1G | BLWeather | BLLan | Rover
                (aka xplosiv)
                Do You Cocoon? Home Automation News, Tutorials, Reviews, Forums & Chat

                Comment


                • #9
                  Networkview from www.networkview.com, will scan your network, subnet or whatever and collect data about your nodes including MAC addresses

                  HTH
                  Kevin

                  Comment


                  • #10
                    Dan,

                    Thanks for the reply. It makes sense.

                    As I was driving to work I realized I was assuming it was on my HomeControl computer but it may well not be. It might be on one of the other machines, so I need to check on that tonite.

                    I think I can sleuth my mac addresses using my NetGear Router because every machine has a fixed IP and I know the mac of each one of them. Also I should be able to sort by mac address just as well.

                    When you said RealTec, would that be the network card?

                    According to Netprobes pdf file, "The protocol port consists of the protocol numbers and ports for the encapsulating protocols and the actual protocol port being the last number. In the protocol ID 1.2048.6.80, 1 defines Ethernet, 2048 (0x0800) is IP, 6 is TCP and 80 is the HTTP port number." In this example it doesn't tell me what 17 is though.

                    Well, there is more to learn!

                    Comment


                    • #11
                      Weird is wierd!
                      After really locking down my "programming" computer (it showed up as the source), and blocking ports in the range mentioned previously, I still found way too much traffic on my network.
                      So I did a Google search on the IP address that seemed to be both the source and the recipient and found this link.

                      Well, it turns out that I have a Prismiq Media server, and I did notice way too much traffic on my media switch over that last few weeks. I never gave it much thought though.

                      Regardless, I have isolated it, put up port blockers and other security measures on my routers and firewalls, and the traffic is really down to more of a normal noise now.

                      Next step is to give some h*ll to the Prismiq folks. They really screwed with my network and slowed things down. They need to fix this problem.

                      Thanks for all the help and suggestions guys!

                      Regards,

                      Oh, and I really feel sorry for folks that can't get the help you can get on the HomeSeer forums. Isn't it great?

                      Comment

                      Working...
                      X