This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark 1.12.4 on windows, reports dst multicast 224.0.0.9 as being IGMPv2

0

I'm seeing that 224.0.0.9 is detected as IGMPv2 by wireshark and not RIP as it shouold be .

i checked the IGMPv2 RFC but it never indicates that this 224.0.0.9 is used by the protocol .Only RIP does .

ftp://mood.ateme.com/Clement/IGMPv2.jpg

do you know why wireshark is seeing this ?

asked 29 Apr '15, 07:21

Clement%20Duval's gravatar image

Clement Duval
1111
accept rate: 0%

What is the protocol field value in your IP header?

(29 Apr '15, 08:03) Pascal Quantin

One Answer:

1

It's not the destination address that defines this packet as IGMP, it's the IP protocol number which identifies this as IGMP. RIP(2) is running over UDP, a different IP protocol.

answered 29 Apr '15, 12:35

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%