Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I would like to know more about these 2 traffic sources.


  • Please log in to reply
6 replies to this topic

#1 HairyApricot

HairyApricot

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 17 October 2016 - 01:55 PM

The 2 sources are System connecting to 192.168.1.255 andSVChost(NetworkService) connecting to 224.0.0.252. I know they are legitimate but what are they for? I am not too sure about 192.168.1.255, but I think 224.0,0,252 us for Link Local Multicast Name Resolution. But what is that for exactly? Never really considered them before but thought it would be nice to know. Thanks :)



BC AdBot (Login to Remove)

 


#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 17 October 2016 - 02:10 PM

192.168.1.255 is your broadcast id for the subnet.

 

from google

The connection to 224.0.0.252:5355 with protocol UDP is used by recent versions of Windows for Link Local Multicast Name Resolution (LLMNR) searching for local network computers



#3 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 17 October 2016 - 03:31 PM

Hi Wand3r3r. What exactly is the subnet exactly and why does windows need to do Link Local Multicast Name Resolution? What is it exactly?



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 17 October 2016 - 03:52 PM

192.168.1.0 /24 is your subnet.  192.168.1.255 is broadcast id and 192.168.1.0 is network id and both are not assignable to a host.

 

udp is a broadcast tcp/ip protocol.  windows uses it [LLMNR] to discover local lan devices



#5 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 19 October 2016 - 07:52 AM

This is ordinary activity then?



#6 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 October 2016 - 08:11 AM

doesn't get more normal than them



#7 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 19 October 2016 - 02:05 PM

XD thanks, you've been a great help. If I could trouble you for one more thing, why is the data sent to 192.168.1.255 exactly the same amount as the data received? 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users