
Ethereal-users: RE: [Ethereal-users] UDP to 224.0.0.103

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin" <martin.visser@xxxxxx>
Date: Tue, 29 Mar 2005 09:32:27 +1000
Scott has definitely given you a pointer in the right direction. The multicast address and destination UDP port both point to MDAP (as recorded by IANA). The curious thing is that there is basically no info to be found on this protocol (Google doesn't turn up anything beyond the assignment and the assignee, Johan Deleu of Alcatel), so I wonder who is actually implementing it. I think the Microsoft / Outlook suggestion is spurious - I can't see why Outlook would want to use multicast to access directories - it can perfectly well directly connect to the Exchange server or Active Directory in a standard environment.
 
Normally multicasts won't go past your local network - unless multicast is explicitly configured in your routers. That is, it isn't going to go on the internet or anything outside your local LAN unless someone has configured this to happen.
 
If you haven't installed software that seems to match the "MDAP" description, I wonder if some trojan/bot software has stolen the assigned ranges and is using it for its own purpose? (This also is just speculation ;-)  )
 

Regards, Martin

Martin Visser, CISSP
Network and Security Consultant
Consulting & Integration
Technology Solutions Group - HP Services

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670   
Mobile: +61-411-254-513
Fax: +61-2-9022-1800    
E-mail: martin.visserAThp.com




From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Scott Lowrey
Sent: Tuesday, 29 March 2005 9:07 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] UDP to 224.0.0.103

Google for that address (use quotes).  You'll find it's used by the Multi Directory Access Protocol (MDAP).  Something wants to talk to a directory server.  Now google for MDAP Microsoft, since their software tends to be overly chatty and in constant need of the Mother Ship. :)

Is Outlook running?

Roger Almstedt wrote:
Hi,
 
Just started to use Ethereal and discovered right away that my computer is sending all the time (2 times per second) a UDP package to IP address:
224.0.0.103 sourceport 3009 or 1027, destinationport 3235.
That can't be normal, maybe this is not a question for this list, but I would appreciate if anyone can help me with an answer.
 
Best Regards
Roger
 



--
Scott Lowrey
Test Engineering Manager
NexTone Communications
Gaithersburg, Maryland USA

1.240.912.1369
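
A way to triage traffic like that described in this thread, as an added example that is not part of the original messages: it groups UDP rows exported from a capture by source, destination and destination port, then reports repeating multicast flows with their packet rate and whether the group lies in 224.0.0.0/24, the link-local block that routers do not forward. The row format, the function names and the source address 192.168.1.10 are constructed for illustration; only the group address, ports and rate come from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows (not the poster's capture): time_s src sport dst dport
SAMPLE = """\
0.00 192.168.1.10 3009 224.0.0.103 3235
0.50 192.168.1.10 1027 224.0.0.103 3235
1.00 192.168.1.10 3009 224.0.0.103 3235
1.50 192.168.1.10 1027 224.0.0.103 3235
2.00 192.168.1.10 3009 224.0.0.103 3235
0.70 192.168.1.10 40000 192.168.1.1 53
1.20 192.168.1.20 5353 224.0.0.251 5353
"""

# 224.0.0.0/24 is the Local Network Control Block (RFC 5771); routers do not forward it.
LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")

def scope(dst):
    """Classify a destination as unicast, link-local multicast or other multicast."""
    ip = ipaddress.ip_address(dst)
    if not ip.is_multicast:
        return "unicast"
    return "link-local multicast" if ip in LINK_LOCAL else "other multicast"

def multicast_beacons(text, min_packets=3):
    """Return repeating multicast flows keyed by (src, dst, dport)."""
    flows = defaultdict(lambda: {"times": [], "sports": set()})
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, sport, dst, dport = line.split()
        flow = flows[(src, dst, int(dport))]
        flow["times"].append(float(t))
        flow["sports"].add(int(sport))
    report = []
    for (src, dst, dport), flow in sorted(flows.items()):
        times = sorted(flow["times"])
        if scope(dst) == "unicast" or len(times) < min_packets:
            continue  # ignore unicast and one-off multicast packets
        span = times[-1] - times[0]
        report.append({
            "src": src, "dst": dst, "dport": dport, "scope": scope(dst),
            "source_ports": sorted(flow["sports"]),
            "rate_per_s": (len(times) - 1) / span if span > 0 else 0.0,
        })
    return report

if __name__ == "__main__":
    for row in multicast_beacons(SAMPLE):
        print(row)
```

The report names the sending host and the source ports in use; matching those ports to a process has to be done on that host itself.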