Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2022-01-29 21:34:52 +0000

Vtechie gravatar image

How to find the device accessing these links _companion-link._tcp.local And lb._dns-sd._udp.local

I see these links a lot in Wireshark, I know it has something to do with Multicast DNS. I know that it is a 224.0.0.251 or whatever that number gets changed to somehow. I would really like to know who is getting the multicast.
This is my iPhone and the Protocol say it is Ethernet, but my iPhone is wireless. My computer does not access my iPhone vises virus.

I am not running any Bluetooth or Airplay items that I am aware of. I'm looking for a close by hacking possible remote into my iPhone and everything else.

Thank you,

Vicky71

Example: Frame 24968: 120 bytes on wire, 120 bytes captured on interface \Device\NPF_{8E1FB03D-}, id 0 Interface id: 0 (\Device\NPF_{8E1FB03D}) Interface name: \Device\NPF_{8E1FB03D} Interface description: TODAY IS A MIRACLE Encapsulation type: Ethernet (1) Arrival Time: Jan 29, 2022 14:16:47.326470000 Central Standard Time [Time shift for this packet: 0.000000000 seconds] [Time delta from previous captured frame: 0.127771000 seconds] [Time delta from previous displayed frame: 26.452399000 seconds] [Time since reference or first frame: 956.857961000 seconds] Frame Number: 24968 Frame Length: 120 bytes (960 bits) Capture Length: 120 bytes (960 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:mdns] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src:00:00:00:00:00:02 (00:00:00:00:00:02 ), Dst: IPv4mcast_fb (01:00:5e:00:00:fb) Destination: IPv4mcast_fb (01:00:5e:00:00:fb) <[Destination (resolved): IPv4mcast_fb]> <[Destination OUI: 01:00:5e]> Address: IPv4mcast_fb (01:00:5e:00:00:fb) <[Address (resolved): IPv4mcast_fb]> <[Address OUI: 01:00:5e]> .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)> .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)> Source: 00:00:00:00:00:02 (00:00:00:00:00:02) <[Source (resolved): 00:00:00:00:00:02 ]> <[Source OUI: 00:00:64]> Address: 00:00:00:00:00:02 (00:00:00:00:00:02) <[Address (resolved): 00:00:00:00:00:02]> <[Address OUI: 00:00:00]> .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)> .... ...0 .... .... .... .... = IG bit: Individual address (unicast) <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)> Type: IPv4 (0x0800) Frame check sequence: 0x5456c022 incorrect, should be 0x6400d901 [Expert Info (Error/Checksum): Bad checksum [should be 0x6400d901]] [Bad checksum [should be 0x6400d901]] <message: bad="" checksum="" [should="" be="" 0x6400d901]&gt;="" [severity="" level:="" error]="" [group:="" checksum]="" [fcs="" status:="" bad]="" internet="" protocol="" version="" 4,="" src:="" 192.168.50.127="" (192.168.50.127),="" dst:="" 224.0.0.251="" (224.0.0.251)="" 0100="" ....="Version:" 4="" ....="" 0101="Header" length:="" 20="" bytes="" (5)="" differentiated="" services="" field:="" 0x00="" (dscp:="" cs0,="" ecn:="" not-ect)="" 0000="" 00..="Differentiated" services="" codepoint:="" default="" (0)="" ....="" ..00="Explicit" congestion="" notification:="" not="" ecn-capable="" transport="" (0)="" total="" length:="" 106="" [expert="" info="" (error="" protocol):="" ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)]="" [ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)]="" <message:="" ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)&gt;="" [severity="" level:="" error]="" [group:="" protocol]="" identification:="" 0x138c="" (5004)="" flags:="" 0x00="" 0...="" ....="Security" flag:="" not="" evil="" .0..="" ....="Don't" fragment:="" not="" set="" ..0.="" ....="More" fragments:="" not="" set="" fragment="" offset:="" 0="" time="" to="" live:="" 255="" protocol:="" udp="" (17)="" header="" checksum:="" 0xd3d3="" [correct]="" [header="" checksum="" status:="" good]="" [calculated="" checksum:="" 0xd3d3]="" source="" address:="" 192.168.50.127="" (192.168.50.127)="" <source="" or="" destination="" address:="" 192.168.50.127="" (192.168.50.127)&gt;="" &lt;[source="" host:="" 192.168.50.127]&gt;="" &lt;[source="" or="" destination="" host:="" 192.168.50.127]&gt;="" destination="" address:="" 224.0.0.251="" (224.0.0.251)="" <source="" or="" destination="" address:="" 224.0.0.251="" (224.0.0.251)&gt;="" &lt;[destination="" host:="" 224.0.0.251]&gt;="" &lt;[source="" or="" destination="" host:="" 224.0.0.251]&gt;="" user="" datagram="" protocol,="" src="" port:="" mdns="" (5353),="" dst="" port:="" mdns="" (5353)="" source="" port:="" mdns="" (5353)="" destination="" port:="" mdns="" (5353)="" <source="" or="" destination="" port:="" mdns="" (5353)&gt;="" <source="" or="" destination="" port:="" mdns="" (5353)&gt;="" length:="" 86="" (bogus,="" payload="" length="" 82)="" [expert="" info="" (error="" malformed):="" bad="" length="" value="" 86="" &gt;="" ip="" payload="" length]="" [bad="" length="" value="" 86="" &gt;="" ip="" payload="" length]="" <message:="" bad="" length="" value="" 86="" &gt;="" ip="" payload="" length=""> [Severity level: Error] [Group: Malformed] <malformed packet=""> Checksum: 0xb40b [unverified] [Checksum Status: Unverified] [Stream index: 2] [Timestamps] [Time since first frame: 932.018971000 seconds] [Time since previous frame: 232.011318000 seconds] UDP payload (74 bytes) Multicast Domain Name System (query) Transaction ID: 0x0000 Flags: 0x0000 Standard query 0... .... .... .... = Response: Message is a query .000 0... .... .... = Opcode: Standard query (0) .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... .0.. .... = Z: reserved (0) .... .... ...0 .... = Non-authenticated data: Unacceptable Questions: 3 Answer RRs: 1 Authority RRs: 0 Additional RRs: 0 Queries _raop._tcp.local: type PTR, class IN, "QU" question Name: _raop._tcp.local [Name Length: 16] [Label Count: 3] Type: PTR (domain name PoinTeR) (12) .000 0000 0000 0001 = Class: IN (0x0001) 1... .... .... .... = "QU" question: True _airplay._tcp.local: type PTR, class IN, "QU" question Name: _airplay._tcp.local [Name Length: 19] [Label Count: 3] Type: PTR (domain name PoinTeR) (12) .000 0000 0000 0001 = Class: IN (0x0001) 1... .... .... .... = "QU" question: True _raop._tcp.local: type PTR, class IN, "QU" question Name: _raop._tcp.local [Name Length: 16] [Label Count: 3] Type: PTR (domain name PoinTeR) (12) .000 0000 0000 0001 = Class: IN (0x0001) 1... .... .... .... = "QU" question: True Answers [Malformed Packet: mDNS] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] <message: malformed="" packet="" (exception="" occurred)&gt;="" [severity="" level:="" error]="" [group:="" malformed]="" <malformed="" packet="">

How to find the device accessing these links _companion-link._tcp.local And lb._dns-sd._udp.local

I see these links a lot in Wireshark, I know it has something to do with Multicast DNS. I know that it is a 224.0.0.251 or whatever that number gets changed to somehow. I would really like to know who is getting the multicast.
This is my iPhone and the Protocol say it is Ethernet, but my iPhone is wireless. My computer does not access my iPhone vises virus.

I am not running any Bluetooth or Airplay items that I am aware of. I'm looking for a close by hacking possible remote into my iPhone and everything else.

Thank you,

Vicky71

Example: Frame 24968: 120 bytes on wire, 120 bytes captured on interface \Device\NPF_{8E1FB03D-}, id 0 Interface id: 0 (\Device\NPF_{8E1FB03D}) Interface name: \Device\NPF_{8E1FB03D} Interface description: TODAY IS A MIRACLE Encapsulation type: Ethernet (1) Arrival Time: Jan 29, 2022 14:16:47.326470000 Central Standard Time [Time shift for this packet: 0.000000000 seconds] [Time delta from previous captured frame: 0.127771000 seconds] [Time delta from previous displayed frame: 26.452399000 seconds] [Time since reference or first frame: 956.857961000 seconds] Frame Number: 24968 Frame Length: 120 bytes (960 bits) Capture Length: 120 bytes (960 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:mdns] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src:00:00:00:00:00:02 (00:00:00:00:00:02 ), Dst: IPv4mcast_fb (01:00:5e:00:00:fb) Destination: IPv4mcast_fb (01:00:5e:00:00:fb) <[Destination (resolved): IPv4mcast_fb]> <[Destination OUI: 01:00:5e]> Address: IPv4mcast_fb (01:00:5e:00:00:fb) <[Address (resolved): IPv4mcast_fb]> <[Address OUI: 01:00:5e]> .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)> .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)> Source: 00:00:00:00:00:02 (00:00:00:00:00:02) <[Source (resolved): 00:00:00:00:00:02 ]> <[Source OUI: 00:00:64]> Address: 00:00:00:00:00:02 (00:00:00:00:00:02) <[Address (resolved): 00:00:00:00:00:02]> <[Address OUI: 00:00:00]> .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)> .... ...0 .... .... .... .... = IG bit: Individual address (unicast) <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)> Type: IPv4 (0x0800) Frame check sequence: 0x5456c022 incorrect, should be 0x6400d901 [Expert Info (Error/Checksum): Bad checksum [should be 0x6400d901]] [Bad checksum [should be 0x6400d901]] <message: bad="" checksum="" [should="" be="" 0x6400d901]&gt;="" [severity="" level:="" error]="" [group:="" checksum]="" [fcs="" status:="" bad]="" internet="" protocol="" version="" 4,="" src:="" 192.168.50.127="" (192.168.50.127),="" dst:="" 224.0.0.251="" (224.0.0.251)="" 0100="" ....="Version:" 4="" ....="" 0101="Header" length:="" 20="" bytes="" (5)="" differentiated="" services="" field:="" 0x00="" (dscp:="" cs0,="" ecn:="" not-ect)="" 0000="" 00..="Differentiated" services="" codepoint:="" default="" (0)="" ....="" ..00="Explicit" congestion="" notification:="" not="" ecn-capable="" transport="" (0)="" total="" length:="" 106="" [expert="" info="" (error="" protocol):="" ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)]="" [ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)]="" <message:="" ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)&gt;="" [severity="" level:="" error]="" [group:="" protocol]="" identification:="" 0x138c="" (5004)="" flags:="" 0x00="" 0...="" ....="Security" flag:="" not="" evil="" .0..="" ....="Don't" fragment:="" not="" set="" ..0.="" ....="More" fragments:="" not="" set="" fragment="" offset:="" 0="" time="" to="" live:="" 255="" protocol:="" udp="" (17)="" header="" checksum:="" 0xd3d3="" [correct]="" [header="" checksum="" status:="" good]="" [calculated="" checksum:="" 0xd3d3]="" source="" address:="" 192.168.50.127="" (192.168.50.127)="" <source="" or="" destination="" address:="" 192.168.50.127="" (192.168.50.127)&gt;="" &lt;[source="" host:="" 192.168.50.127]&gt;="" &lt;[source="" or="" destination="" host:="" 192.168.50.127]&gt;="" destination="" address:="" 224.0.0.251="" (224.0.0.251)="" <source="" or="" destination="" address:="" 224.0.0.251="" (224.0.0.251)&gt;="" &lt;[destination="" host:="" 224.0.0.251]&gt;="" &lt;[source="" or="" destination="" host:="" 224.0.0.251]&gt;="" user="" datagram="" protocol,="" src="" port:="" mdns="" (5353),="" dst="" port:="" mdns="" (5353)="" source="" port:="" mdns="" (5353)="" destination="" port:="" mdns="" (5353)="" <source="" or="" destination="" port:="" mdns="" (5353)&gt;="" <source="" or="" destination="" port:="" mdns="" (5353)&gt;="" length:="" 86="" (bogus,="" payload="" length="" 82)="" [expert="" info="" (error="" malformed):="" bad="" length="" value="" 86="" &gt;="" ip="" payload="" length]="" [bad="" length="" value="" 86="" &gt;="" ip="" payload="" length]="" <message:="" bad="" length="" value="" 86="" &gt;="" ip="" payload="" length=""> [Severity level: Error] [Group: Malformed] <malformed packet=""> Checksum: 0xb40b [unverified] [Checksum Status: Unverified] [Stream index: 2] [Timestamps] [Time since first frame: 932.018971000 seconds] [Time since previous frame: 232.011318000 seconds] UDP payload (74 bytes) Multicast Domain Name System (query) Transaction ID: 0x0000 Flags: 0x0000 Standard query 0... .... .... .... = Response: Message is a query .000 0... .... .... = Opcode: Standard query (0) .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... .0.. .... = Z: reserved (0) .... .... ...0 .... = Non-authenticated data: Unacceptable Questions: 3 Answer RRs: 1 Authority RRs: 0 Additional RRs: 0 Queries _raop._tcp.local: type PTR, class IN, "QU" question Name: _raop._tcp.local [Name Length: 16] [Label Count: 3] Type: PTR (domain name PoinTeR) (12) .000 0000 0000 0001 = Class: IN (0x0001) 1... .... .... .... = "QU" question: True _airplay._tcp.local: type PTR, class IN, "QU" question Name: _airplay._tcp.local [Name Length: 19] [Label Count: 3] Type: PTR (domain name PoinTeR) (12) .000 0000 0000 0001 = Class: IN (0x0001) 1... .... .... .... = "QU" question: True _raop._tcp.local: type PTR, class IN, "QU" question Name: _raop._tcp.local [Name Length: 16] [Label Count: 3] Type: PTR (domain name PoinTeR) (12) .000 0000 0000 0001 = Class: IN (0x0001) 1... .... .... .... = "QU" question: True Answers [Malformed Packet: mDNS] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] <message: malformed="" packet="" (exception="" occurred)&gt;="" [severity="" level:="" error]="" [group:="" malformed]="" <malformed="" packet="">

How to find the device accessing these links _companion-link._tcp.local And lb._dns-sd._udp.local

I see these links a lot in Wireshark, I know it has something to do with Multicast DNS. I know that it is a 224.0.0.251 or whatever that number gets changed to somehow. I would really like to know who is getting the multicast.
This is my iPhone and the Protocol say it is Ethernet, but my iPhone is wireless. My computer does not access my iPhone vises virus.

I am not running any Bluetooth or Airplay items that I am aware of. I'm looking for a close by hacking possible remote into my iPhone and everything else.

This was all bunched together before I came back and edited this by putting some spaces in it.

Thank you,

Vicky71

Example: Frame 24968: 120 bytes on wire, 120 bytes captured on interface \Device\NPF_{8E1FB03D-}, \Device\NPF_{8E1FB03D-}, id 0 Interface id: 0 (\Device\NPF_{8E1FB03D}) (\Device\NPF_{8E1FB03D})

    Interface name: \Device\NPF_{8E1FB03D}
      Interface description: TODAY IS A MIRACLE
  Encapsulation type: Ethernet (1)
  Arrival Time: Jan 29, 2022 14:16:47.326470000 Central Standard Time
  [Time shift for this packet: 0.000000000 seconds]
  [Time delta from previous captured frame: 0.127771000 seconds]
  [Time delta from previous displayed frame: 26.452399000 seconds]
  [Time since reference or first frame: 956.857961000 seconds]

Frame Number: 24968 24968

Frame Length: 120 bytes (960 bits)
 Capture Length: 120 bytes (960 bits)
  [Frame is marked: False]
 [Frame is ignored: False]
  [Protocols in frame: eth:ethertype:ip:udp:mdns]

[Coloring Rule Name: UDP] [Coloring Rule String: udp] udp]

Ethernet II, Src:00:00:00:00:00:02 (00:00:00:00:00:02 ), Dst: IPv4mcast_fb (01:00:5e:00:00:fb) (01:00:5e:00:00:fb)

Destination: IPv4mcast_fb (01:00:5e:00:00:fb)
     <[Destination (resolved): IPv4mcast_fb]>
     <[Destination OUI: 01:00:5e]>
     Address: IPv4mcast_fb (01:00:5e:00:00:fb)
     <[Address (resolved): IPv4mcast_fb]>
     <[Address OUI: 01:00:5e]>
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
     <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
     .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
     <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)>
  Source: 00:00:00:00:00:02 (00:00:00:00:00:02)
     <[Source (resolved): 00:00:00:00:00:02 ]>
     <[Source OUI: 00:00:64]>
     Address: 00:00:00:00:00:02 (00:00:00:00:00:02)
     <[Address (resolved): 00:00:00:00:00:02]>
     <[Address OUI: 00:00:00]>
      .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
     <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)>
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
     <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
  Type: IPv4 (0x0800)
 Frame check sequence: 0x5456c022 incorrect, should be 0x6400d901
     [Expert Info (Error/Checksum): Bad checksum [should be 0x6400d901]]
         [Bad checksum [should be 0x6400d901]]
            <message: bad="" checksum="" [should="" be="" 0x6400d901]&gt;="" [severity="" level:="" error]="" [group:="" checksum]="" [fcs="" status:="" bad]="" internet="" protocol="" version="" 4,="" src:="" 192.168.50.127="" (192.168.50.127),="" dst:="" 224.0.0.251="" (224.0.0.251)="" 0100="" ....="Version:" 4="" ....="" 0101="Header" length:="" 20="" bytes="" (5)="" differentiated="" services="" field:="" 0x00="" (dscp:="" cs0,="" ecn:="" not-ect)="" 0000="" 00..="Differentiated" services="" codepoint:="" default="" (0)="" ....="" ..00="Explicit" congestion="" notification:="" not="" ecn-capable="" transport="" (0)="" total="" length:="" 106="" [expert="" info="" (error="" protocol):="" ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)]="" [ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)]="" <message:="" ipv4="" total="" length="" exceeds="" packet="" length="" (102="" bytes)&gt;="" [severity="" level:="" error]="" [group:="" protocol]="" identification:="" 0x138c="" (5004)="" flags:="" 0x00="" 0...="" ....="Security" flag:="" not="" evil="" .0..="" ....="Don't" fragment:="" not="" set="" ..0.="" ....="More" fragments:="" not="" set="" fragment="" offset:="" 0="" time="" to="" live:="" 255="" protocol:="" udp="" (17)="" header="" checksum:="" 0xd3d3="" [correct]="" [header="" checksum="" status:="" good]="" [calculated="" checksum:="" 0xd3d3]="" source="" address:="" 192.168.50.127="" (192.168.50.127)="" <source="" or="" destination="" address:="" 192.168.50.127="" (192.168.50.127)&gt;="" &lt;[source="" host:="" 192.168.50.127]&gt;="" &lt;[source="" or="" destination="" host:="" 192.168.50.127]&gt;="" destination="" address:="" 224.0.0.251="" (224.0.0.251)="" <source="" or="" destination="" address:="" 224.0.0.251="" (224.0.0.251)&gt;="" &lt;[destination="" host:="" 224.0.0.251]&gt;="" &lt;[source="" or="" destination="" host:="" 224.0.0.251]&gt;="" user="" datagram="" protocol,="" src="" port:="" mdns="" (5353),="" dst="" port:="" mdns="" (5353)="" source="" port:="" mdns="" (5353)="" destination="" port:="" mdns="" (5353)="" <source="" <Message: Bad checksum [should be 0x6400d901]>
        [Severity level: Error]
        [Group: Checksum]
[FCS Status: Bad]

Internet Protocol Version 4, Src: 192.168.50.127 (192.168.50.127), Dst: 224.0.0.251 (224.0.0.251) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)

Total Length: 106
    [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (102 bytes)]
        [IPv4 total length exceeds packet length (102 bytes)]
        <Message: IPv4 total length exceeds packet length (102 bytes)>
        [Severity level: Error]
        [Group: Protocol]

Identification: 0x138c (5004)
Flags: 0x00
    0... .... = Security flag: Not evil
    .0.. .... = Don't fragment: Not set
    ..0. .... = More fragments: Not set

Fragment Offset: 0
Time to Live: 255
Protocol: UDP (17)
Header Checksum: 0xd3d3 [correct]
[Header checksum status: Good]
[Calculated Checksum: 0xd3d3]

Source Address: 192.168.50.127 (192.168.50.127)
<Source or Destination Address: 192.168.50.127 (192.168.50.127)>
<[Source Host: 192.168.50.127]>
<[Source or Destination Host: 192.168.50.127]>

Destination Address: 224.0.0.251 (224.0.0.251)
<Source or Destination Address: 224.0.0.251 (224.0.0.251)>
<[Destination Host: 224.0.0.251]>
<[Source or Destination Host: 224.0.0.251]>

User Datagram Protocol, Src Port: mdns (5353), Dst Port: mdns (5353) Source Port: mdns (5353) Destination Port: mdns (5353) <source or="" destination="" port:="" mdns="" (5353)&gt;="" <source="" or="" destination="" port:="" mdns="" (5353)&gt;="" length:="" 86="" (bogus,="" payload="" length="" 82)="" [expert="" info="" (error="" malformed):="" bad="" length="" value="" 86="" &gt;="" ip="" payload="" length]="" [bad="" length="" value="" 86="" &gt;="" ip="" payload="" length]="" <message:="" bad="" length="" value="" 86="" &gt;="" ip="" payload="" length=""> 82)<="" p=""> 

    [Expert Info (Error/Malformed): Bad length value 86 > IP payload length]
        [Bad length value 86 > IP payload length]
        <Message: Bad length value 86 > IP payload length>
        [Severity level: Error]
         [Group: Malformed]
        <malformed packet="">
    <Malformed Packet>
Checksum: 0xb40b [unverified]
 [Checksum Status: Unverified]
 [Stream index: 2]
  [Timestamps]
     [Time since first frame: 932.018971000 seconds]
     [Time since previous frame: 232.011318000 seconds]
 UDP payload (74 bytes)

Multicast Domain Name System (query) (query)

Transaction ID: 0x0000
 Flags: 0x0000 Standard query
     0... .... .... .... = Response: Message is a query
     .000 0... .... .... = Opcode: Standard query (0)
     .... ..0. .... .... = Truncated: Message is not truncated
     .... ...0 .... .... = Recursion desired: Don't do query recursively
     .... .... .0.. .... = Z: reserved (0)
     .... .... ...0 .... = Non-authenticated data: Unacceptable
  Questions: 3
 Answer RRs: 1
 Authority RRs: 0
 Additional RRs: 0
 Queries
     _raop._tcp.local: type PTR, class IN, "QU" question
         Name: _raop._tcp.local
         [Name Length: 16]
         [Label Count: 3]
         Type: PTR (domain name PoinTeR) (12)
         .000 0000 0000 0001 = Class: IN (0x0001)
         1... .... .... .... = "QU" question: True
      _airplay._tcp.local: type PTR, class IN, "QU" question
         Name: _airplay._tcp.local
         [Name Length: 19]
         [Label Count: 3]
         Type: PTR (domain name PoinTeR) (12)
         .000 0000 0000 0001 = Class: IN (0x0001)
         1... .... .... .... = "QU" question: True
      _raop._tcp.local: type PTR, class IN, "QU" question
         Name: _raop._tcp.local
         [Name Length: 16]
         [Label Count: 3]
         Type: PTR (domain name PoinTeR) (12)
         .000 0000 0000 0001 = Class: IN (0x0001)
         1... .... .... .... = "QU" question: True
 Answers

[Malformed Packet: mDNS] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] <message: malformed="" packet="" (exception="" occurred)&gt;="" [severity="" level:="" error]="" [group:="" malformed]="" <malformed="" packet="">

click to hide/show revision 4
None

updated 2022-01-29 22:30:40 +0000

grahamb gravatar image

How to find the device accessing these links _companion-link._tcp.local And lb._dns-sd._udp.local

I see these links a lot in Wireshark, I know it has something to do with Multicast DNS. I know that it is a 224.0.0.251 or whatever that number gets changed to somehow. I would really like to know who is getting the multicast.
This is my iPhone and the Protocol say it is Ethernet, but my iPhone is wireless. My computer does not access my iPhone vises virus.

I am not running any Bluetooth or Airplay items that I am aware of. I'm looking for a close by hacking possible remote into my iPhone and everything else.

This was all bunched together before I came back and edited this by putting some spaces in it.

Thank you,

Vicky71

Example: Example:

Frame 24968: 120 bytes on wire, 120 bytes captured on interface \Device\NPF_{8E1FB03D-},
 id 0
    Interface id: 0 (\Device\NPF_{8E1FB03D})
 
(\Device\NPF_{8E1FB03D})
        Interface name: \Device\NPF_{8E1FB03D}
      Interface description: TODAY IS A MIRACLE
  Encapsulation type: Ethernet (1)
  Arrival Time: Jan 29, 2022 14:16:47.326470000 Central Standard Time
  [Time shift for this packet: 0.000000000 seconds]
  [Time delta from previous captured frame: 0.127771000 seconds]
  [Time delta from previous displayed frame: 26.452399000 seconds]
  [Time since reference or first frame: 956.857961000 seconds]

 
 Frame Number: 24968
 
24968
    Frame Length: 120 bytes (960 bits)
 Capture Length: 120 bytes (960 bits)
  [Frame is marked: False]
 [Frame is ignored: False]
  [Protocols in frame: eth:ethertype:ip:udp:mdns]

 
 [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
 
udp]

Ethernet II, Src:00:00:00:00:00:02  (00:00:00:00:00:02 ), Dst: IPv4mcast_fb (01:00:5e:00:00:fb)
 
(01:00:5e:00:00:fb)

    Destination: IPv4mcast_fb (01:00:5e:00:00:fb)
     <[Destination (resolved): IPv4mcast_fb]>
     <[Destination OUI: 01:00:5e]>
     Address: IPv4mcast_fb (01:00:5e:00:00:fb)
     <[Address (resolved): IPv4mcast_fb]>
     <[Address OUI: 01:00:5e]>

     .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
     <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
     .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
     <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)>

 Source: 00:00:00:00:00:02 (00:00:00:00:00:02)
     <[Source (resolved): 00:00:00:00:00:02 ]>
     <[Source OUI: 00:00:64]>
     Address: 00:00:00:00:00:02 (00:00:00:00:00:02)
     <[Address (resolved): 00:00:00:00:00:02]>
     <[Address OUI: 00:00:00]>

     .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
     <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)>
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
     <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>

 Type: IPv4 (0x0800)
 Frame check sequence: 0x5456c022 incorrect, should be 0x6400d901
     [Expert Info (Error/Checksum): Bad checksum [should be 0x6400d901]]
         [Bad checksum [should be 0x6400d901]]
         <Message: Bad checksum [should be 0x6400d901]>
         [Severity level: Error]
         [Group: Checksum]
 [FCS Status: Bad]

 
 Internet Protocol Version 4, Src: 192.168.50.127 (192.168.50.127), Dst: 224.0.0.251 (224.0.0.251)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
 
(0)

    Total Length: 106
     [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (102 bytes)]
         [IPv4 total length exceeds packet length (102 bytes)]
         <Message: IPv4 total length exceeds packet length (102 bytes)>
         [Severity level: Error]
         [Group: Protocol]

 Identification: 0x138c (5004)
 Flags: 0x00
     0... .... = Security flag: Not evil
     .0.. .... = Don't fragment: Not set
     ..0. .... = More fragments: Not set

 Fragment Offset: 0
 Time to Live: 255
 Protocol: UDP (17)
 Header Checksum: 0xd3d3 [correct]
 [Header checksum status: Good]
 [Calculated Checksum: 0xd3d3]

 Source Address: 192.168.50.127 (192.168.50.127)
 <Source or Destination Address: 192.168.50.127 (192.168.50.127)>
 <[Source Host: 192.168.50.127]>
 <[Source or Destination Host: 192.168.50.127]>

 Destination Address: 224.0.0.251 (224.0.0.251)
 <Source or Destination Address: 224.0.0.251 (224.0.0.251)>
 <[Destination Host: 224.0.0.251]>
 <[Source or Destination Host: 224.0.0.251]>

 
 User Datagram Protocol, Src Port: mdns (5353), Dst Port: mdns (5353)
    Source Port: mdns (5353)
    Destination Port: mdns (5353)
    <source or="" destination="" port:="" mdns="" (5353)&gt;="" <source="" or="" destination="" port:="" mdns="" (5353)&gt;="" length:="" 86="" (bogus,="" payload="" length="" 82)<="" p="">


<Source or Destination Port: mdns (5353)>
    <Source or Destination Port: mdns (5353)>
    Length: 86 (bogus, payload length 82)

        [Expert Info (Error/Malformed): Bad length value 86 > IP payload length]
         [Bad length value 86 > IP payload length]
         <Message: Bad length value 86 > IP payload length>
         [Severity level: Error]
         [Group: Malformed]
     <Malformed Packet>
 Checksum: 0xb40b [unverified]
 [Checksum Status: Unverified]
 [Stream index: 2]

 [Timestamps]
     [Time since first frame: 932.018971000 seconds]
     [Time since previous frame: 232.011318000 seconds]
 UDP payload (74 bytes)

 
Multicast Domain Name System (query)
 
(query)

    Transaction ID: 0x0000
 Flags: 0x0000 Standard query
     0... .... .... .... = Response: Message is a query
     .000 0... .... .... = Opcode: Standard query (0)
     .... ..0. .... .... = Truncated: Message is not truncated
     .... ...0 .... .... = Recursion desired: Don't do query recursively
     .... .... .0.. .... = Z: reserved (0)
     .... .... ...0 .... = Non-authenticated data: Unacceptable

 Questions: 3
 Answer RRs: 1
 Authority RRs: 0
 Additional RRs: 0
 Queries
     _raop._tcp.local: type PTR, class IN, "QU" question
         Name: _raop._tcp.local
         [Name Length: 16]
         [Label Count: 3]
         Type: PTR (domain name PoinTeR) (12)
         .000 0000 0000 0001 = Class: IN (0x0001)
         1... .... .... .... = "QU" question: True

     _airplay._tcp.local: type PTR, class IN, "QU" question
         Name: _airplay._tcp.local
         [Name Length: 19]
         [Label Count: 3]
         Type: PTR (domain name PoinTeR) (12)
         .000 0000 0000 0001 = Class: IN (0x0001)
         1... .... .... .... = "QU" question: True

     _raop._tcp.local: type PTR, class IN, "QU" question
         Name: _raop._tcp.local
         [Name Length: 16]
         [Label Count: 3]
         Type: PTR (domain name PoinTeR) (12)
         .000 0000 0000 0001 = Class: IN (0x0001)
         1... .... .... .... = "QU" question: True
 Answers

 
[Malformed Packet: mDNS]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        <message: malformed="" packet="" (exception="" occurred)&gt;="" [severity="" level:="" error]="" [group:="" malformed]="" <malformed="" packet="">
<Message: Malformed Packet (Exception occurred)>
        [Severity level: Error]
        [Group: Malformed]
    <Malformed Packet>
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2