Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2252
Views
0
Helpful
2
Replies

Deny IP spoof from (0.1.0.5) to 0.1.0.5 on interface inside!!!

Go to solution
Sundeep Dsouza
Level 1
Level 1

‎02-09-2011 12:17 AM - edited ‎03-11-2019 12:47 PM

Has anyone come across this log message on ASA. A little bit of research indicates that this IP belongs to some "Microsoft TV/Video Connection" network adapter, a media center PC looks like. Unable to find the mac address and this does not help my cause in detecting the switchport.

Any ideas in tracing this one down.

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
fadlouni
Level 1
Level 1

‎02-11-2011 05:23 AM

Hi.

I recommend you do a packet capture on the FWSM itself, then check what is the source mac-address of the packet and trace it down on the switches.

here is a doc about capturing:

https://supportforums.cisco.com/docs/DOC-1222

then check on the switch in the mac-address-table on which port did the switch receive this mac address, and then trace it on that port, if that port is connected to another switch, then do the same on the other switch until you get to the host.

Regards,

Fadi.

Does this Answer your question? if yes, please mark this thread as answered.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
fadlouni
Level 1
Level 1

‎02-11-2011 05:23 AM

Hi.

I recommend you do a packet capture on the FWSM itself, then check what is the source mac-address of the packet and trace it down on the switches.

here is a doc about capturing:

https://supportforums.cisco.com/docs/DOC-1222

then check on the switch in the mac-address-table on which port did the switch receive this mac address, and then trace it on that port, if that port is connected to another switch, then do the same on the other switch until you get to the host.

Regards,

Fadi.

Does this Answer your question? if yes, please mark this thread as answered.

0 Helpful

Go to solution
Sundeep Dsouza
Level 1
Level 1
In response to fadlouni

‎02-14-2011 04:13 AM

Thanks pal, the log is no longer visible now, but since I now know the method to know the mac address, I can figure this out if it occurs again.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card