Source & destination mac address in logs?

Can anybody explain what the source MAC address & destination MAC address relate to in the firewall logs?

The reason I ask is because of the logs below. The source IP addresses (3rd octet = 26, 11 & 27) are 60 miles apart from each other??

09:43:25  Default DROP  UDP  172.31.26.3:16403 -> 17.155.127.222:16384  len=44 ttl=57 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
09:43:25  Default DROP  UDP  172.31.26.3:16403 -> 17.155.127.222:16385  len=44 ttl=57 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
09:43:25  Default DROP  UDP  172.31.26.3:16403 -> 17.155.127.223:16386  len=44 ttl=57 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
09:43:25  Default DROP  UDP  172.31.11.118:16403 -> 17.155.127.222:16384  len=44 ttl=58 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
09:43:25  Default DROP  UDP  172.31.11.118:16403 -> 17.155.127.222:16385  len=44 ttl=58 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
09:43:25  Default DROP  UDP  172.31.11.118:16403 -> 17.155.127.223:16386  len=44 ttl=58 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
09:43:25  Default DROP  UDP  172.31.27.37:16403 -> 17.155.127.222:16384  len=44 ttl=61 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0



  • Hi Bob,

    The strange thing is the IP addresses and the port numbers. The source IPs are 60 miles apart (172.31.xxx.yyy).
    xxx is our subnets and I know exactly where they are, and to also transmit on the same dynamic port at the same time? It's strange.