IGMP protocol pop up through RtWLan.exe

Hello,

Today I suddenly received a pop up from Comodo Firewall mentioning my RTWLan.exe is trying to send a package from my source IP to a destination “224.0.0.xxx”. It was an IGMP protocol.

I have never seen this destination IP before, and I cannot find it when I type ipconfig in my command prompt.

After I typed ARP -a in my CMD, I do see the destination IP in my list as a static address.

Could anyone explain to me why there is an outgoing package? I was browsing a website at the time it happened. Was there spyware or even a virus on the site? My upgraded version of Avast and Malwarebytes do not pick anything up after a full system scan.

I blocked the IGMP package for now. Is this something to worry about?

Kind regards

Internet Group Management Protocol (IGMP) packets are quite common on most operating systems and serve a variety of purposes - Multicast Addresses. If you look at the last numbers of the address you can see which of the functions this particular multicast was performing.

Some people prefer to block these packets but they do serve a useful purpose, so it’s really up to you. If you wish to provide the full address we can see, in more detail, what was happening.

Thank you very much for the reply. It is good to hear that IGMP protocols are common. I tend to see a lot of incoming connection popups from other PCs hooked to the same network starting with 192, but this is the first time I saw an address starting in 224, so it worried me.

The destination IP is 224.0.0.253

Target shows as “Out”.

I’m using Windows 7 64-bit. The PC is a fresh install and has been undergoing some updates the past day or so.

The same IP is listed as “static” in the arp -a list.

That particular address is a multicast for Teredo clients on the same subnet. Basically, it’s part of IPv6, which is on by default in Windows 7. You can probably disable these alerts if you disable IPv6 tunnelling, which, if you’re not using it for something like p2p (utorrent), is not a bad idea. To disable the tunnelling aspects of IPv6, open an elevated command prompt, then copy and paste the following:

netsh interface ipv6 6to4 set state state=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface ipv6 set teredo disabled

I don’t use torrent programs; however, I do know that some online gaming clients use peer to peer to download patches and such, so it may be required. I’m glad to hear that this is a standard port in Windows 7 though. I will turn it off for the time being and if there are issues downloading patches I can always just turn it back on.

Thanks a lot for the information, it’s greatly appreciated.
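
Added example (not part of the original posts): the `arp -a` entry for 224.0.0.253 shows as "static" because the MAC for an IPv4 multicast group is computed from the group address (RFC 1112) rather than learned through ARP. The Python sketch below derives that MAC and checks rows of `arp -a` output against it; the function names and the sample table are constructed for illustration.

```python
import ipaddress
import re

# 224.0.0.0/24 is the Local Network Control Block: link-local, never routed.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
# One row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)


def multicast_mac(ip):
    """Derive the Ethernet MAC for an IPv4 multicast group (RFC 1112)."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    # Fixed prefix 01-00-5e plus the low 23 bits of the group address.
    raw = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    return "-".join(f"{b:02x}" for b in raw.to_bytes(6, "big"))


def triage(arp_output):
    """Classify each ARP table row; return {ip: verdict}."""
    verdicts = {}
    for line in arp_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        addr = ipaddress.IPv4Address(ip)
        if not addr.is_multicast:
            verdicts[ip] = "not multicast"
        elif mac != multicast_mac(ip):
            verdicts[ip] = "multicast, MAC does not match derived mapping"
        elif addr in LOCAL_CONTROL:
            verdicts[ip] = "multicast, link-local, derived mapping"
        else:
            verdicts[ip] = "multicast, outside 224.0.0.0/24, derived mapping"
    return verdicts


# Constructed sample in the layout of Windows `arp -a`; all values are made up.
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  224.0.0.253           01-00-5e-00-00-fd     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE).items():
        print(f"{ip:<16} {verdict}")
```

A multicast row whose MAC does not start with 01-00-5e or does not match the derived value is the one worth a closer look; a matching row is just the operating system's own group mapping.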