Protocol 2 is IGMP (Internet Group Management Protocol)
It is defined by RFC 1112. This is usually used for multi-casting (but now always).
I’d recommend that you look at http://www.iana.org/assignments/igmp-type-numbers
to further see what this is that you’re concerned about.
The destination address of 224.*-whatever should alert you to the fact that this is a multicast.
Although it could be an attack (wearing my paranoid hat here), It’s generally unlikely that it IS an attack.
Check the source address, (which you’ve obfuscated), and then go through your firewall logs and see if anyone is sending requests to anything even CLOSE to that address-wise.
Good luck, and good hunting,