Open mDNS Report

This report identifies hosts that have the mDNS service running and accessible from the Internet.

See https://en.wikipedia.org/wiki/Multicast_DNS for more information on mDNS, which can be probed in a unicast fashion and can respond in methods similar to a standard DNS server.

Our initial probe tests to see if mDNS is accessible on the Internet and collects the information that it discloses, including a list of services that may be accessible via further mDNS probes. If a host is found to have the services “_workstation._tcp.local” or “_http._tcp.local” running, secondary probes are performed to collect whatever system information is returned. Some of the information that may be returned includes: trivial name of the device, IPv4 and IPv6 address(es) of the device (this may include RFC1918 addresses that are not meant to be leaked), MAC address information of the device, and potentially other information.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the mDNS response came on (always UDP)
  • port
    Port that the mDNS response came from (usually 5353/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be mdns
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • mdns_name
    The trivial .local name that is sometimes returned in response to the initial probe for _services._dns-sd._udp.local; this field is often empty
  • mdns_ipv4
    The IPv4 address(es) that are sometimes returned in response to the initial probe; this field is often empty
  • mdns_ipv6
    The IPv6 address(es) that are sometimes returned in response to the initial probe; this field is often empty
  • services
    The services that the host is running in response to the query for the list of info with "_services._dns-sd._udp.local"
  • workstation_name
    The mDNS name that is returned in response to follow up mDNS query for "_workstation._tcp.local"
  • workstation_ipv4
    The IPv4 address(es) that is/are returned in response to follow up mDNS query for "_workstation._tcp.local"
  • workstation_ipv6
    The IPv6 address(es) that is/are returned in response to follow up mDNS query for "_workstation._tcp.local"
  • workstation_info
    Information about the host that responded to the query for "_workstation._tcp.local" — it may contain name, MAC addresses, et cetera
  • http_name
    The mDNS name that is returned in response to follow up mDNS query for "_http._tcp.local"
  • http_ipv4
    The IPv4 address(es) that is/are returned in response to follow up mDNS query for "_http._tcp.local"
  • http_ipv6
    The IPv6 address(es) that is/are returned in response to follow up mDNS query for "_http._tcp.local"
  • http_ptr
    Contains information that looks like a trivial name and mDNS _local strings
  • http_info
    More information about the http device is response to the query for "_http._tcp.local"
  • http_target
    Name of the HTTP server. Usually just the contents of the http_name field with a trailing ".0"
  • http_port
    The port that the http server appears to be listening on

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","mdns_name","mdns_ipv4","mdns_ipv6","services","workstation_name","workstation_ipv4","workstation_ipv6","workstation_info","http_name","http_ipv4","http_ipv6","http_ptr","http_info","http_target","http_port"
"2016-02-16 03:39:41","42.51.144.2","udp",5353,"htuidc.bgp.ip","mdns",56005,"CN","HENAN","ZHENGZHOU",0,0,,,,"_workstation._tcp.local.; _ssh._tcp.local.;","htuidc.local.","42.51.144.2 42.51.143.20 42.51.144.3 42.51.143.21 42.51.144.4 42.51.143.22 42.51.144.5 42.51.143.23",,"htuidc  00:50:56:a9:5d:21]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","203.109.149.72","udp",5353,"unassigned.static.cust.vf.net.nz","mdns",7657,"NZ","AUCKLAND","AUCKLAND",0,0,,,,"_workstation._tcp.local.;","prometheus.local.","192.168.0.1","fe80:0:0:0:224:1dff:fe5b:f1e8","prometheus [00:24:1d:5b:f1:e8]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","50.142.27.87","udp",5353,"c-50-142-27-87.hsd1.tn.comcast.net","mdns",7922,"US","TENNESSEE","CORRYTON",518210,737415,,,,"_spotify-connect._tcp.local.;",,,,,,,,,,,
"2016-02-16 03:39:41","73.45.155.83","udp",5353,"c-73-45-155-83.hsd1.il.comcast.net","mdns",7922,"US","ILLINOIS","CHAMPAIGN",518210,737415,,,,"_spotify-connect._tcp.local.;",,,,,,,,,,,
"2016-02-16 03:39:41","213.196.145.112","udp",5353,"catv-145-112.tbwil.ch","mdns",21040,"CH","THURGAU","WILEN BEI WIL",0,0,,,,"_spotify-connect._tcp.local.;",,,,,,,,,,,
"2016-02-16 03:39:41","216.213.96.84","udp",5353,,"mdns",12124,"US","NEW YORK","NEW YORK",0,0,,,,"_workstation._tcp.local.;","ubuntu-2.local.","216.213.96.84","fe80:0:0:0:250:56ff:febe:6cc8","ubuntu-2 [00:50:56:be:6c:c8]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","60.250.78.38","udp",5353,"60-250-78-38.hinet-ip.hinet.net","mdns",3462,"TW","TAICHUNG CITY","TAICHUNG",518210,737415,,,,"_adobe-vc._tcp.local.; _acrobatSRV._tcp.local.;",,,,,,,,,,,
"2016-02-16 03:39:41","121.8.199.28","udp",5353,,"mdns",4134,"CN","GUANGDONG","GUANGZHOU",0,0,,,,"_workstation._tcp.local.; _sftp-ssh._tcp.local.;",,,,,,,,,,,
"2016-02-16 03:39:41","46.101.77.173","udp",5353,,"mdns",202109,"UK","LONDON","LONDON",541512,737999,,,,"_workstation._tcp.local.;","getbet.local.","46.101.77.173 10.16.0.6","fe80:0:0:0:601:82ff:fece:1e01","getbet [04:01:82:ce:1e:01]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","210.73.208.12","udp",5353,,"mdns",23724,"CN","BEIJING","BEIJING",0,0,,,,"_workstation._tcp.local.; _ssh._tcp.local.;","linux-2.local.","210.73.208.12","fe80:0:0:0:250:56ff:fe9b:6348","linux-2 [00:50:56:9b:63:48]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","188.40.101.76","udp",5353,"ty11.tyclipso.net","mdns",24940,"DE","BAYERN","GUNZENHAUSEN",0,0,,,,"_workstation._tcp.local.;","ty11.local.","188.40.101.76","fe80:0:0:0:224:21ff:feef:31da","ty11 [00:24:21:ef:31:da]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","185.72.247.253","udp",5353,,"mdns",47447,"CZ","PRAHA","PRAGUE",0,0,,,,"_workstation._tcp.local.;","nerd.local.","185.72.247.253 185.72.247.34",,"nerd [00:16:3e:a5:1c:56]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","129.217.12.243","udp",5353,"fiws243.cs.uni-dortmund.de","mdns",680,"DE","NORDRHEIN-WESTFALEN","DORTMUND",0,0,,,,"_workstation._tcp.local.; _udisks-ssh._tcp.local.;","fiws243.local.","129.217.12.243","fe80:0:0:0:3617:ebff:fec7:aaad","fiws243  34:17:eb:c7:aa:ad]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","216.213.96.85","udp",5353,,"mdns",12124,"US","NEW YORK","NEW YORK",0,0,,,,"_workstation._tcp.local.;","ubuntu.local.","216.213.96.85","fe80:0:0:0:250:56ff:febe:47ad","ubuntu [00:50:56:be:47:ad]._workstation._tcp.local.",,,,,,,
"2016-02-16 03:39:41","108.178.55.254","udp",5353,"chicago1.escapedturkey.com","mdns",32475,"CA","QUEBEC","SAINT-LAURENT",0,0,,,,"_workstation._tcp.local.; _ssh._tcp.local.; _mumble._tcp.local.;","chicago1.local.","108.178.55.254 108.178.55.253 108.178.55.252 108.178.55.251 108.178.55.250  08.178.55.249 108.178.55","fe80:0:0:0:225:90ff:fe70:9be","chicago1 [00:25:90:70:09:be]._workstation._tcp.local.",,,,,,,

Our 73 Report Types