IGMP Outgoing

MitchA · December 11, 2006, 4:46pm

Just a quick question.

My computer is on basically all day and is off for around 6 hours every night, when I switch on and then check the log there is around 5 attempts for outgoing IGMP traffic. My question is should I be allwoing this or not? As far as I can tell it’s not preventing me from doing anything

Little_Mac · December 11, 2006, 5:13pm

Mitch,

IGMP is a multicasting IP protocol. Common uses come from Windows Messenger or other IM programs. If you have these active on your computer (even if you’re not using them) they may cause this type of activity.

Do you know if this is the case with yours?

LM

MitchA · December 11, 2006, 5:26pm

I personally don’t use IM,but my sister who also uses the computer does. Do each persons account have different comodo settings or is it global?

Little_Mac · December 11, 2006, 5:28pm

I do believe that at this point, they’re global…

MitchA · December 11, 2006, 5:33pm

Well as far as I know she has no trouble getting on messenger and the IP it keeps sending to is 224.0.0.22

Little_Mac · December 11, 2006, 7:06pm

Yes, that IP is part of the multicasting group.

Here’s a quick blurb from Cisco regarding IGMP/Multicasting:

"[i]Multicast routing is a bandwidth conserving technology that reduces traffic by simultaneously delivering a single stream of information to potentially thousands of corporate recipients and homes. Applications that take advantage of multicast include video conferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news.

Multicast routing allows a host to send packets to a subset of all hosts as a group transmission rather than to a single host, as in unicast transmission, or to all hosts, as in broadcast transmission. The subset of hosts is known as group members and they are identified by a single multicast group address that falls under the IP Class D address range from 224.0.0.0 through 239.255.255.255.[/i]"

Apparently, some routers use multicasting as a way to conserve bandwith; not sure how (I’m not that technical) but the article this quote is from relates to setting up a Cisco router for multicasting, and some of the benefits thereof.

If you’re unsure of it, you can always do this:

Go to Security/Advanced/Miscellaneous, and move the Alert Frequency slider to High or Very High. Uncheck “Do not show alerts for applications certified by Comodo.” Reboot your computer. This will obviously prompt a lot of popups (you can turn it back down after you’re satisfied you know what’s going on), but it will show IP, application, etc on each attempt. This will help you track down exactly what is causing the IGMP traffic.

You may find it’s svchost.exe, and thus probably safe, or some other known application that you choose to allow. Or you may decide you don’t want to see it any more and block it all entirely… (if it causes you problems, you can reverse the block).

Try that out, if you like, and see what kind of results that gives you.

LM