• March 28, 2024, 03:43:36 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Router Log - Why does the DSM-510 try to access the internet?  (Read 4975 times)

Lucid

  • Level 3 Member
  • ***
  • Posts: 139
Router Log - Why does the DSM-510 try to access the internet?
« on: December 25, 2007, 07:26:59 PM »


Can the moderator explain this?? The address 192.168.2.100 is the DSM-510. I would like to know what it is doing and why.

---log from DIR-655----
[INFO] Tue Dec 25 11:50:31 2007 Dropped packet from 192.168.2.100 to 239.255.255.250 (IP protocol 17) as unable to create new session
[INFO] Tue Dec 25 11:50:29 2007 Above message repeated 35 times
[INFO] Tue Dec 25 10:47:37 2007 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.2.100 to 202.97.238.202
[INFO] Tue Dec 25 01:34:27 2007 Dropped packet from 192.168.2.100 to 239.255.255.250 (IP protocol 17) as unable to create new session
[INFO] Tue Dec 25 01:24:51 2007 Above message repeated 35 times
[INFO] Tue Dec 25 01:14:47 2007 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.2.100 to 221.208.208.212
[INFO] Tue Dec 25 01:14:47 2007 Above message repeated 2 times
[INFO] Tue Dec 25 01:03:40 2007 Dropped packet from 192.168.2.100 to 239.255.255.250 (IP protocol 17) as unable to create new session
[INFO] Tue Dec 25 00:23:16 2007 Above message repeated 35 times
[INFO] Mon Dec 24 23:52:12 2007 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.2.100 to 221.209.110.50
----end of log sample-----

TIA
Logged

Rara Avis

  • Imperator
  • Level 2 Member
  • **
  • Posts: 76
Re: Router Log - Why does the DSM-510 try to access the internet?
« Reply #1 on: December 26, 2007, 08:59:45 AM »

This one shouldn't take a moderator, your DSM-510 is trying to join a few multicast groups.  I will throw a link to the wiki on multicast at the bottom of this post.  Long story short it is trying to join a couple of common multicast group, one I recognize offhand as being the group for "all network devices" and you should see your Windows PCs will cause the same message. This only applies to addresses in the range of 224.0.0.0-239.255.255.255 which are all the small number of repeat messages.

As for the other addresses I can tell you that they are Chinese IPs belonging to a organization call CNC group you can use the APNIC whois (link below) to check them out for yourself.  Near as I can tell they are a Chinese ISP.  As for why the DSM-510 is pinging them, could be a number of reasons, it wouldn't freak me out terribly, for all I know this is how they are checking for firmware on this device is a ping with a payload in the echo indicating update available.  After all isn't D-Link suppose to be a Taiwanese company (backed up by the fact that the investor relations portion of their site will take you to financial statements saying they are in Taiwan)?

On second thought I have a better question why is your router blocking outbound pings?

http://en.wikipedia.org/wiki/Multicast
http://wq.apnic.net/apnic-bin/whois.pl
Logged
Nullum magnum ingenium sine mixtura dementiae fuit. - Seneca
There has never been a great genius without a element of madness.

Lucid

  • Level 3 Member
  • ***
  • Posts: 139
Re: Router Log - Why does the DSM-510 try to access the internet?
« Reply #2 on: December 26, 2007, 03:40:36 PM »

Interesting...thanks for your input. As for the reason why the block..I don't know. I haven't done anything but use common settings on the router. It's funny that the router would block something Dlink has used just for multicasting if your guess is correct. As for your message about all windows pc causing the same message this isn't true for my pc. If it did I would have caught this message earlier.

On a side note. I really appreciated the link you sent me to on Wiki. Thanks for the info. Would you be able to point me to the right direction as to how to make sense of the router's log file. I constantly see TCP and UDP incoming requests blocked (such as when I am not doing anything special) and I would like to have a better sense as to how to interperet the DIR-655 logs. I kinda have been running on faith...set up the router to act as a firewall, block ping requests...and prey.

Cheers!

Lucid
Logged