Supplies Monitor is trying to broadcast to [224.0.0.22]

Discussion in 'Computer Security' started by Gerard Verhoef, Nov 10, 2003.

  1. My Sygate Firewall pops up immedeately after logging on with the subject
    message. Happened since i upgraded from win2000 to winxp prof.

    Supply Monitor is LXSUPMON.EXE, a Lexmark program. I have the printer a
    couple of months now.

    I checked the whole HD with ad aware and the winnt\system32 folder
    (thats where lxsupmon.exe is) with macafee. Nothing wrong.

    Seems suspicious to me nevertheless.

    Thanks for any info.

    To be complete: the firewall message details are:

    File Description : Supplies Monitor
    File Path : C:\WINNT\system32\LXSUPMON.EXE
    Process ID : 848 (Heximal) 2120 (Decimal)

    Connection origin : local initiated

    Ethernet packet details:
    Ethernet II (Packet Length: 54)
    Destination: 01-00-5e-00-00-16
    Source: 00-50-fc-5c-cb-52
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 24 bytes
    Flags:
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 1
    Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
    Header checksum: 0xb372 (Correct)
    Source: 62.195.147.6
    Destination: 224.0.0.22

    Binary dump of the packet:
    0000: 01 00 5E 00 00 16 00 50 : FC 5C CB 52 08 00 46 00 | ..^....P.\.R..F.
    0010: 00 28 00 3D 00 00 01 02 : 72 B3 3E C3 93 06 E0 00 | .(.=....r.>.....
    0020: 00 16 94 04 00 00 22 00 : EA 03 00 00 00 01 04 00 | ......".........
    0030: 00 00 EF FF FF FA : | ......

    Is there something wrong?

    Thanks

    Gerard
    Gerard Verhoef, Nov 10, 2003
    #1
    1. Advertising

  2. Gerard,

    I don't think this packet is going very far. The IP address range
    that starts with 224/8 is in the multicast range. This packet should
    not be forwarded by any multicast routers.

    Enjoy,
    Mangled&Munged

    "Gerard Verhoef" <> wrote in message
    news:WIGrb.2366$%W3.18948@amstwist00...
    > My Sygate Firewall pops up immedeately after logging on with the subject
    > message. Happened since i upgraded from win2000 to winxp prof.
    >
    > Supply Monitor is LXSUPMON.EXE, a Lexmark program. I have the printer a
    > couple of months now.
    >
    > I checked the whole HD with ad aware and the winnt\system32 folder
    > (thats where lxsupmon.exe is) with macafee. Nothing wrong.
    >
    > Seems suspicious to me nevertheless.
    >
    > Thanks for any info.
    >
    > To be complete: the firewall message details are:
    >
    > File Description : Supplies Monitor
    > File Path : C:\WINNT\system32\LXSUPMON.EXE
    > Process ID : 848 (Heximal) 2120 (Decimal)
    >
    > Connection origin : local initiated
    >
    > Ethernet packet details:
    > Ethernet II (Packet Length: 54)
    > Destination: 01-00-5e-00-00-16
    > Source: 00-50-fc-5c-cb-52
    > Type: IP (0x0800)
    > Internet Protocol
    > Version: 4
    > Header Length: 24 bytes
    > Flags:
    > .0.. = Don't fragment: Not set
    > ..0. = More fragments: Not set
    > Fragment offset:0
    > Time to live: 1
    > Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
    > Header checksum: 0xb372 (Correct)
    > Source: 62.195.147.6
    > Destination: 224.0.0.22
    >
    > Binary dump of the packet:
    > 0000: 01 00 5E 00 00 16 00 50 : FC 5C CB 52 08 00 46 00 |

    ...^....P.\.R..F.
    > 0010: 00 28 00 3D 00 00 01 02 : 72 B3 3E C3 93 06 E0 00 |

    ..(.=....r.>.....
    > 0020: 00 16 94 04 00 00 22 00 : EA 03 00 00 00 01 04 00 |

    .......".........
    > 0030: 00 00 EF FF FF FA : | ......
    >
    > Is there something wrong?
    >
    > Thanks
    >
    > Gerard
    >
    Mangled&Munged, Nov 10, 2003
    #2
    1. Advertising

  3. Gerard Verhoef

    charlie R Guest

    Gerard,

    I installed a Lexmark Z25 two weeks ago, and the first thing it did was try
    to connect to the internet. Four or five different modules tried. If I
    blocked them completely, with ZoneAlarm Pro, the printer wouldn't work. I
    finally gave LCNA Com Server access to the Trusted Zone, blocked to the
    Internet, and the printer works. Distributed Communications showed up
    wanting Internet access, for the first time, too. I blocked it, outgoing
    and incoming. I really worried about that one, especially the incoming
    hits. I never had a printer that tried to access the internet on it's own
    before. I can check for updates myself.

    Anybody have any experience with this?

    charlie R
    "Mangled&Munged" <postmaster@127.0.0.1> wrote in message
    news:EnNrb.18692$...
    Gerard,

    I don't think this packet is going very far. The IP address range
    that starts with 224/8 is in the multicast range. This packet should
    not be forwarded by any multicast routers.

    Enjoy,
    Mangled&Munged

    "Gerard Verhoef" <> wrote in message
    news:WIGrb.2366$%W3.18948@amstwist00...
    > My Sygate Firewall pops up immedeately after logging on with the subject
    > message. Happened since i upgraded from win2000 to winxp prof.
    >
    > Supply Monitor is LXSUPMON.EXE, a Lexmark program. I have the printer a
    > couple of months now.
    >
    > I checked the whole HD with ad aware and the winnt\system32 folder
    > (thats where lxsupmon.exe is) with macafee. Nothing wrong.
    >
    > Seems suspicious to me nevertheless.
    >
    > Thanks for any info.
    >
    > To be complete: the firewall message details are:
    >
    > File Description : Supplies Monitor
    > File Path : C:\WINNT\system32\LXSUPMON.EXE
    > Process ID : 848 (Heximal) 2120 (Decimal)
    >
    > Connection origin : local initiated
    >
    > Ethernet packet details:
    > Ethernet II (Packet Length: 54)
    > Destination: 01-00-5e-00-00-16
    > Source: 00-50-fc-5c-cb-52
    > Type: IP (0x0800)
    > Internet Protocol
    > Version: 4
    > Header Length: 24 bytes
    > Flags:
    > .0.. = Don't fragment: Not set
    > ..0. = More fragments: Not set
    > Fragment offset:0
    > Time to live: 1
    > Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
    > Header checksum: 0xb372 (Correct)
    > Source: 62.195.147.6
    > Destination: 224.0.0.22
    >
    > Binary dump of the packet:
    > 0000: 01 00 5E 00 00 16 00 50 : FC 5C CB 52 08 00 46 00 |

    ...^....P.\.R..F.
    > 0010: 00 28 00 3D 00 00 01 02 : 72 B3 3E C3 93 06 E0 00 |

    ..(.=....r.>.....
    > 0020: 00 16 94 04 00 00 22 00 : EA 03 00 00 00 01 04 00 |

    .......".........
    > 0030: 00 00 EF FF FF FA : | ......
    >
    > Is there something wrong?
    >
    > Thanks
    >
    > Gerard
    >
    charlie R, Nov 10, 2003
    #3
  4. Lexmark printers have been notorious for connecting to the net and sending
    information back to the company for some time now. It's built into the
    driver package that you installed for this printer :)

    "charlie R" <> wrote in message
    news:booeij$mah$...
    > Gerard,
    >
    > I installed a Lexmark Z25 two weeks ago, and the first thing it did was

    try
    > to connect to the internet. Four or five different modules tried. If I
    > blocked them completely, with ZoneAlarm Pro, the printer wouldn't work. I
    > finally gave LCNA Com Server access to the Trusted Zone, blocked to the
    > Internet, and the printer works. Distributed Communications showed up
    > wanting Internet access, for the first time, too. I blocked it, outgoing
    > and incoming. I really worried about that one, especially the incoming
    > hits. I never had a printer that tried to access the internet on it's own
    > before. I can check for updates myself.
    >
    > Anybody have any experience with this?
    >
    > charlie R
    > "Mangled&Munged" <postmaster@127.0.0.1> wrote in message
    > news:EnNrb.18692$...
    > Gerard,
    >
    > I don't think this packet is going very far. The IP address range
    > that starts with 224/8 is in the multicast range. This packet should
    > not be forwarded by any multicast routers.
    >
    > Enjoy,
    > Mangled&Munged
    >
    > "Gerard Verhoef" <> wrote in message
    > news:WIGrb.2366$%W3.18948@amstwist00...
    > > My Sygate Firewall pops up immedeately after logging on with the subject
    > > message. Happened since i upgraded from win2000 to winxp prof.
    > >
    > > Supply Monitor is LXSUPMON.EXE, a Lexmark program. I have the printer a
    > > couple of months now.
    > >
    > > I checked the whole HD with ad aware and the winnt\system32 folder
    > > (thats where lxsupmon.exe is) with macafee. Nothing wrong.
    > >
    > > Seems suspicious to me nevertheless.
    > >
    > > Thanks for any info.
    > >
    > > To be complete: the firewall message details are:
    > >
    > > File Description : Supplies Monitor
    > > File Path : C:\WINNT\system32\LXSUPMON.EXE
    > > Process ID : 848 (Heximal) 2120 (Decimal)
    > >
    > > Connection origin : local initiated
    > >
    > > Ethernet packet details:
    > > Ethernet II (Packet Length: 54)
    > > Destination: 01-00-5e-00-00-16
    > > Source: 00-50-fc-5c-cb-52
    > > Type: IP (0x0800)
    > > Internet Protocol
    > > Version: 4
    > > Header Length: 24 bytes
    > > Flags:
    > > .0.. = Don't fragment: Not set
    > > ..0. = More fragments: Not set
    > > Fragment offset:0
    > > Time to live: 1
    > > Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
    > > Header checksum: 0xb372 (Correct)
    > > Source: 62.195.147.6
    > > Destination: 224.0.0.22
    > >
    > > Binary dump of the packet:
    > > 0000: 01 00 5E 00 00 16 00 50 : FC 5C CB 52 08 00 46 00 |

    > ..^....P.\.R..F.
    > > 0010: 00 28 00 3D 00 00 01 02 : 72 B3 3E C3 93 06 E0 00 |

    > .(.=....r.>.....
    > > 0020: 00 16 94 04 00 00 22 00 : EA 03 00 00 00 01 04 00 |

    > ......".........
    > > 0030: 00 00 EF FF FF FA : | ......
    > >
    > > Is there something wrong?
    > >
    > > Thanks
    > >
    > > Gerard
    > >

    >
    John E. Carty, Nov 10, 2003
    #4
  5. Gerard Verhoef

    charlie R Guest

    Thanks for the info, John. I guess I know what Brand Name to avoid from now
    on. Too bad. It's a good little printer, fast, and quiet, and inexpensive.
    Very pricey ink cartridges, though. I guess you get what you pay for.
    charlie R

    "John E. Carty" <> wrote in message
    news:KhPrb.27342$...
    Lexmark printers have been notorious for connecting to the net and sending
    information back to the company for some time now. It's built into the
    driver package that you installed for this printer :)

    "charlie R" <> wrote in message
    news:booeij$mah$...
    > Gerard,
    >
    > I installed a Lexmark Z25 two weeks ago, and the first thing it did was

    try
    > to connect to the internet. Four or five different modules tried. If I
    > blocked them completely, with ZoneAlarm Pro, the printer wouldn't work. I
    > finally gave LCNA Com Server access to the Trusted Zone, blocked to the
    > Internet, and the printer works. Distributed Communications showed up
    > wanting Internet access, for the first time, too. I blocked it, outgoing
    > and incoming. I really worried about that one, especially the incoming
    > hits. I never had a printer that tried to access the internet on it's own
    > before. I can check for updates myself.
    >
    > Anybody have any experience with this?
    >
    > charlie R
    > "Mangled&Munged" <postmaster@127.0.0.1> wrote in message
    > news:EnNrb.18692$...
    > Gerard,
    >
    > I don't think this packet is going very far. The IP address range
    > that starts with 224/8 is in the multicast range. This packet should
    > not be forwarded by any multicast routers.
    >
    > Enjoy,
    > Mangled&Munged
    >
    > "Gerard Verhoef" <> wrote in message
    > news:WIGrb.2366$%W3.18948@amstwist00...
    > > My Sygate Firewall pops up immedeately after logging on with the subject
    > > message. Happened since i upgraded from win2000 to winxp prof.
    > >
    > > Supply Monitor is LXSUPMON.EXE, a Lexmark program. I have the printer a
    > > couple of months now.
    > >
    > > I checked the whole HD with ad aware and the winnt\system32 folder
    > > (thats where lxsupmon.exe is) with macafee. Nothing wrong.
    > >
    > > Seems suspicious to me nevertheless.
    > >
    > > Thanks for any info.
    > >
    > > Thanks
    > >
    > > Gerard
    > >

    >
    charlie R, Nov 11, 2003
    #5
  6. Gerard Verhoef

    Jim Watt Guest

    On Mon, 10 Nov 2003 16:46:34 GMT, "John E. Carty"
    <> wrote:

    >Lexmark printers have been notorious for connecting to the net and sending
    >information back to the company for some time now. It's built into the
    >driver package that you installed for this printer :)


    If its transmitting on a multicast address block its not calling
    'home'.
    --
    Jim Watt http://www.gibnet.com
    Jim Watt, Nov 11, 2003
    #6
  7. It is easy to make claims that someone's software calls home.
    But fact and fiction should be filed in different bins.
    As I mentioned earlier, packets directed to 224.*.*.* are not
    dialing home. These are multi-cast packets and will not forwarded.

    If someone has proof of Lexmark software dialing home, it would
    be nice to see it. I'm not a fan of Lexmark, but fair is fair.

    My wife is also not a fan of Lexmark printers. A few days ago I
    heard a loud crash. My wife emerged from the office and announced that
    the Lexmark printer had just saved her life. She claimed that she was
    walking
    down the stairs with the printer and lost her balance. She hurled the
    printer to
    the 1st floor and was able to regain her balance. She then announced that
    she needed a new printer, preferably one that worked this time !
    She knows that I'm very handy and constantly repair items. This time
    she made very sure that repair was not an option :)

    Facts go in the file cabinet, fiction goes in the round bin :)

    Mangled&Munged.

    "charlie R" <> wrote in message
    news:bopge9$uvg$...
    > Thanks for the info, John. I guess I know what Brand Name to avoid from

    now
    > on. Too bad. It's a good little printer, fast, and quiet, and

    inexpensive.
    > Very pricey ink cartridges, though. I guess you get what you pay for.
    > charlie R
    >
    > "John E. Carty" <> wrote in message
    > news:KhPrb.27342$...
    > Lexmark printers have been notorious for connecting to the net and sending
    > information back to the company for some time now. It's built into the
    > driver package that you installed for this printer :)
    >
    > "charlie R" <> wrote in message
    > news:booeij$mah$...
    > > Gerard,
    > >
    > > I installed a Lexmark Z25 two weeks ago, and the first thing it did was

    > try
    > > to connect to the internet. Four or five different modules tried. If I
    > > blocked them completely, with ZoneAlarm Pro, the printer wouldn't work.

    I
    > > finally gave LCNA Com Server access to the Trusted Zone, blocked to the
    > > Internet, and the printer works. Distributed Communications showed up
    > > wanting Internet access, for the first time, too. I blocked it,

    outgoing
    > > and incoming. I really worried about that one, especially the incoming
    > > hits. I never had a printer that tried to access the internet on it's

    own
    > > before. I can check for updates myself.
    > >
    > > Anybody have any experience with this?
    > >
    > > charlie R
    > > "Mangled&Munged" <postmaster@127.0.0.1> wrote in message
    > > news:EnNrb.18692$...
    > > Gerard,
    > >
    > > I don't think this packet is going very far. The IP address range
    > > that starts with 224/8 is in the multicast range. This packet should
    > > not be forwarded by any multicast routers.
    > >
    > > Enjoy,
    > > Mangled&Munged
    > >
    > > "Gerard Verhoef" <> wrote in message
    > > news:WIGrb.2366$%W3.18948@amstwist00...
    > > > My Sygate Firewall pops up immedeately after logging on with the

    subject
    > > > message. Happened since i upgraded from win2000 to winxp prof.
    > > >
    > > > Supply Monitor is LXSUPMON.EXE, a Lexmark program. I have the printer

    a
    > > > couple of months now.
    > > >
    > > > I checked the whole HD with ad aware and the winnt\system32 folder
    > > > (thats where lxsupmon.exe is) with macafee. Nothing wrong.
    > > >
    > > > Seems suspicious to me nevertheless.
    > > >
    > > > Thanks for any info.
    > > >
    > > > Thanks
    > > >
    > > > Gerard
    > > >

    > >

    >
    Mangled&Munged, Nov 11, 2003
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?U2NvdA==?=

    IPRIP could not join the multicast group 224.0.0.9

    =?Utf-8?B?U2NvdA==?=, Dec 12, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,619
    =?Utf-8?B?U2NvdA==?=
    Dec 12, 2004
  2. =?Utf-8?B?QnJhbmRvbg==?=

    Trying to use my laptop to broadcast its internet connection wirel

    =?Utf-8?B?QnJhbmRvbg==?=, Mar 9, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    1,585
    Doug Sherman [MVP]
    Mar 9, 2006
  3. DosE
    Replies:
    3
    Views:
    834
    Pennywise
    Aug 16, 2004
  4. Imhotep
    Replies:
    0
    Views:
    395
    Imhotep
    Sep 28, 2005
  5. Replies:
    6
    Views:
    10,687
    Nathan Mercer
    Jul 4, 2004
Loading...

Share This Page