1

I have a few IP spoof dropped messages coming out of my SonicWall firewall; we'll call them Source A and Source B. Both of these sources have the same MAC address, indicating they're coming from the layer 3 switch behind my firewall. Source A has an IP within a valid subnet on my network and it shows up in the ARP table of my layer 3 switch. I was able to trace the exact location and fix the issue. Source B's IP, however, is not within a valid subnet on my network and it's not showing up in my layer 3 switch's ARP table. Any idea how I can trace the location of this device within my network?

Thanks in advance.

Jared

1 Answer

0

Run "show mac address-table" on your switches (inside and outside the firewall); this will give you a list of the MAC addresses and the physical ports they are connected to. Once you have the physical port, you know the computer that is spoofing.

Justin Hourigan
  • I don't know the MAC address of the device in question, so that will not work. I only have the MAC address of the previous hop, which is the layer 3 switch. – Jared Nov 23 '12 at 21:08