HPE Community
Operating System - Tru64 Unix
1825175 Members
4199 Online
109679 Solutions
New Discussion юеВ

Controlling IGMP

 
Mark Poeschl_2
Honored Contributor

тАО08-19-2005 03:44 AM

тАО08-19-2005 03:44 AM

Controlling IGMP

I've got a total of 5 Tru64 systems all running 5.1B PK4. Four of the five form two two-member TruClusters and the last is a stand-alone system. From the standalone system only, our firewall is detecting IGMP multicast transmissions to 228.7.7.7. None of the systems is running mrouted and none of them has an mrouted.conf file. I want to stop these transmissions on that stand-alone server. How do I control IGMP behavior on a Tru64 server?
0 Kudos
4 REPLIES 4
Al Licause
Trusted Contributor

тАО08-22-2005 02:01 AM

тАО08-22-2005 02:01 AM

Re: Controlling IGMP

The first thing I would do would be to run tcpdump on the systems in question to make sure that infact, they are the source of the IGMP messages.

Unless you are running a specific application that starts multicast announcments and you actually see that address in your routing table (netstat -rn), the system shouldn't start this type of behaviour on it's own.

Once you've determined that any of these systems is sending this data, you might want to review the rc3.d directory to see what is being started at boot time. If anything looks suspicious, then kill it.
0 Kudos
Mark Poeschl_2
Honored Contributor

тАО08-22-2005 03:35 AM

тАО08-22-2005 03:35 AM

Re: Controlling IGMP

tcpdump confirms that this host is sending a "Leaving Group" IGMP message followed by one or two "Group Membership Report" messages once per minute. I never see anything show up in the 'netstat -rn' output, but wouldn't multicast traffic just get sent out all active interfaces in that case?

Attached is the output of 'ls /sbin/rc3.d'.

S81cache is our application startup script. This same script is run on the hosts that do not exhibit this IGMP behavior.

S96redalert is an application monitoring tool. This script points to a Perl script which no longer exists on our system.

S99twagent is the Tripwire management agent startup script. It also runs on hosts that don't exhibit this behavior.

The only other thing that is even slightly unusual is the WCCProxy and OVSOM host agent startup stuff. Would either of these two use IGMP?
0 Kudos
Al Licause
Trusted Contributor

тАО08-23-2005 12:49 AM

тАО08-23-2005 12:49 AM

Re: Controlling IGMP

I'm not familiar with the other components you've mentioned in rc3.d. But since the announcements take place once a minute, it shouldn't be hard to test.

Simply shutdown those scripts one at a time until the announcements stop.

Then once you've found the specific script that is starting the application doing the announcing, go through the script to see just what it is starting.
0 Kudos
Mark Poeschl_2
Honored Contributor

тАО08-23-2005 05:29 AM

тАО08-23-2005 05:29 AM

Re: Controlling IGMP

Thanks. It ended up being the OVSOM host agent.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.