Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 809 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Finding a MAC address

FrasianX0

What is the best way to locate a rouge devices MAC address that was connected to our network using XGS firewall and or XDR? 



This thread was automatically locked due to age.
  • 0

    Hello  ,

    Thank you for reaching out to the community, Enable Spoof protection trusted MAC

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0

    When you say "was connected" are you asking a hypothetical as in "given that a rogue device is connected, how would you detect it" or do you literally mean that one was connected in the past and you're trying to look back to figure out what and when?

    Assuming you're wanting to look into the past: I'm thinking if the device got an IP address via DHCP, that associates a MAC address with the IP and the record of that might still be accessible. Also, there are neighbor tables that have MAC addresses of neighbors.

    But MAC addresses can be spoofed, so do you really want a MAC address? What's your goal? Also, was this wired or wireless (and do you use Sophos APs)?

Unfiltered HTML