PPRuNe Forums - View Single Post - How come? - FTP brute force attack
Old 14th October 2009 | 19:08
The late XV105
Ok, tuning back in....

That was so easy, ta!

Here's the result, with the total number of records exactly equalling the difference in my firewall rule's "blocked" count when I started and when I finished sniffing.
  1. "Whois 198.107.148.254" resolves this IP address to Western Digital MioNet despite the fact that I have disabled* this remote access service on the NAS!
  2. "Whois 224.0.0.22" does not resolve to a domain name but Google returned "The World Knocks at the Door of Your Internet Connection" (Joejolly’s Weblog)!
  3. "Whois 224.0.0.251" doesn't give any clues.
  4. "Whois 239.255.255.250" doesn't give any clues.
  5. "Whois 235.1.1.1" does not resolve to a domain name but Google indicates that it's probably connected to the (Twonky Media) streaming service on the NAS that we use to allow our two WiFi radios to play all music from the NAS; although I wanted to keep it as a backup-only device, the lure of always-on music was tempting for the family so I invoked it at the weekend.

Any comments on the missing pieces, please?

*WD have acknowledged a bug in response to a support case that I logged whereby it is impossible to fully disable the MioNet service on the NAS. It restarts by itself every half an hour and when the server is booted even if the "do not start MioNet" flag was selected before shutdown. From Wireshark it seems that it's slumbering rather than hibernating when disabled too as the blocked traffic is from when the NAS admin console reports that MioNet is "off"!

Last edited by The late XV105; 14th October 2009 at 19:16. Reason: Corrected bulleting
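
An added example, not part of the original post: a triage of the five blocked destinations that separates unicast addresses, where whois can name an owner, from IPv4 multicast groups, which have no owner to look up. The function names and the small `KNOWN_GROUPS` table are assumptions made for this example; the group names come from the IANA multicast registry.

```python
import ipaddress

# Blocks from the IANA IPv4 multicast registry.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # link-local, never routed
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")    # site/organisation-local

# Well-known IANA-registered groups commonly seen on home LANs.
KNOWN_GROUPS = {
    "224.0.0.22": "IGMPv3 membership reports",
    "224.0.0.251": "mDNS",
    "239.255.255.250": "SSDP (UPnP discovery)",
}


def triage(dest):
    """Classify one blocked destination and say whether whois can help."""
    addr = ipaddress.ip_address(dest)
    if not addr.is_multicast:
        # Unicast: a single host. Whois is useful unless the range is private.
        scope = "private unicast" if addr.is_private else "public unicast"
        return {"dest": dest, "scope": scope,
                "whois_useful": not addr.is_private, "group": None}
    if addr in LOCAL_CONTROL:
        scope = "multicast, link-local control"
    elif addr in ADMIN_SCOPED:
        scope = "multicast, administratively scoped"
    else:
        scope = "multicast, other"
    # A multicast group has no owner to look up; identify it by registry name.
    return {"dest": dest, "scope": scope, "whois_useful": False,
            "group": KNOWN_GROUPS.get(dest, "not in table (application-specific?)")}


# The five destinations listed in the post.
BLOCKED = ["198.107.148.254", "224.0.0.22", "224.0.0.251",
           "239.255.255.250", "235.1.1.1"]


def report(dests=BLOCKED):
    return [triage(d) for d in dests]


if __name__ == "__main__":
    for row in report():
        print(f"{row['dest']:<16} {row['scope']:<36} "
              f"whois={'yes' if row['whois_useful'] else 'no':<3} {row['group'] or ''}")
```
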