cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2245
Views
0
Helpful
2
Replies

Deny IP spoof from (0.1.0.5) to 0.1.0.5 on interface inside!!!

Sundeep Dsouza
Level 1
Level 1

Has anyone come across this log message on ASA. A little bit of research indicates that this IP belongs to some "Microsoft TV/Video Connection" network adapter, a media center PC looks like. Unable to find the mac address and this does not help my cause in detecting the switchport.

Any ideas in tracing this one down.

Regards

1 Accepted Solution

Accepted Solutions

fadlouni
Level 1
Level 1

Hi.

I recommend you do a packet capture on the FWSM itself, then check what is the source mac-address of the packet and trace it down on the switches.

here is a doc about capturing:

https://supportforums.cisco.com/docs/DOC-1222

then check on the switch in the mac-address-table on which port did the switch receive this mac address, and then trace it on that port, if that port is connected to another switch, then do the same on the other switch until you get to the host.

Regards,

Fadi.

Does this Answer your question? if yes, please mark this thread as answered.

View solution in original post

2 Replies 2

fadlouni
Level 1
Level 1

Hi.

I recommend you do a packet capture on the FWSM itself, then check what is the source mac-address of the packet and trace it down on the switches.

here is a doc about capturing:

https://supportforums.cisco.com/docs/DOC-1222

then check on the switch in the mac-address-table on which port did the switch receive this mac address, and then trace it on that port, if that port is connected to another switch, then do the same on the other switch until you get to the host.

Regards,

Fadi.

Does this Answer your question? if yes, please mark this thread as answered.

Thanks pal, the log is no longer visible now, but since I now know the method to know the mac address, I can figure this out if it occurs again.

Regards

Review Cisco Networking for a $25 gift card