Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

239.255.255.253:1900 and 239.255.255.250:427 causing alot of chatter on network

Posted on 2006-11-20
13
Medium Priority
?
8,288 Views
Last Modified: 2008-02-20
I noticed my network slowing down today and when I logged into my traffic grapher, I saw ALOT of chatter between 239.255.255.253 port 427, 239.255.255.250 port 1900 and my Cisco switches
What are these two addresses?
0
Comment
Question by:jskewes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +4
13 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17982715

Hi, that is a multicast address.  Quick check shows it is 239.255.255.253 - SLPv2 Discovery.

I know SLP is (or can) be used in TCP/IP based Novell NetWare server installations and it looks like it can be used with Unix and Window boxes too with the right add-ons.... are you in a NetWare 5/6 environment by any chance?

Do you happen to know what this multi-cast traffic was like before your network slowed?

To quote from RFC 3082

"The Service Location Protocol (SLP) provides mechanisms whereby
   service agent clients can advertise and user agent clients can query
   for services.  The design is very much demand-driven, so that user
   agents only obtain service information when they specifically ask for
   it.  There exists another class of user agent applications, however,
   that requires notification when a new service appears or disappears.
   In the RFC 2608 design, these applications are forced to poll the
   network to catch changes.  In this document, we describe a protocol
   for allowing such clients to be notified when a change occurs,
   removing the need for polling.
"


0
 
LVL 20

Accepted Solution

by:
jimmymcp02 earned 2000 total points
ID: 17982721
see if this helps
239.255.255.253 port 427
http://forums.macosxhints.com/archive/index.php/t-10978.html

239.255.255.250
http://www.grc.com/port_1900.htm
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 17982725
Those addresses are multicast addresses. Windows has a service called SSDP that tries to do network discovery using them. You should turn it off in the Services configuration on your PCs, you don't need it.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:jskewes
ID: 17982811
This is the first time I'm seeing this and it seems to be talking to non-windows boxes.
should I block these addresses or services?
How would I go about blocking this?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17982855
When you say non-windows..... Unix, netware, what else?
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 17982862
probably apple machines
0
 

Author Comment

by:jskewes
ID: 17982877
no Apples on our network. At all.
I think they are Cisco switches.
0
 
LVL 5

Expert Comment

by:WGhen
ID: 17982901
Hve you turned on multicasting lately...
Cisco has this to say...

IP Multicast Group Addressing
A multicast group is identified by its multicast group address. Multicast packets are delivered to that multicast group address. Unlike unicast addresses that uniquely identify a single host, multicast IP addresses do not identify a particular host. To receive the data sent to a multicast address, a host must join the group that address identifies. The data is sent to the multicast address and received by all the hosts that have joined the group indicating that they wish to receive traffic sent to that group. The multicast group address is assigned to a group at the source. Network administrators who assign multicast group addresses must make sure the addresses conform to the multicast address range assignments reserved by the Internet Assigned Numbers Authority (IANA).

IP Class D Addresses
IP multicast addresses have been assigned to the IPv4 Class D address space by IANA. The high-order four bits of a Class D address are 1110. Therefore, host group addresses can be in the range 224.0.0.0 to 239.255.255.255. A multicast address is chosen at the source (sender) for the receivers in a multicast group.



--------------------------------------------------------------------------------

Note The Class D address range is used only for the group address or destination address of IP multicast traffic. The source address for multicast datagrams is always the unicast source address.


WGhen
0
 

Author Comment

by:jskewes
ID: 17982911
as far as I know, I haven't done anything to start multicasting.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17983070
Some dynamic routing protocols use multicast.. OSPF is one for sure.
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 17983870
Instillmotion perhaps im experiencing browser issues here but i got request when trying to access those site?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question