
Log traffic from a specific MAC address?

cbad411
Contributor
Posts: 1
Registered: 02-15-2021

Hi Team,

I have a sketchy Chinese IP camera, a Dericam.

For security, I've identified its MAC address, and told my firewall to block all outgoing traffic. Firewall is built into my Verizon router Fios-G1100. I made a network object, and added the MAC address of the Dericam, then said block all traffic to/from internet.

How can I generate a security log if the Dericam attempts to make an outside connection?

Thanks

Carl

Accepted Solutions
Cang_Household
MVP
Posts: 889
Registered: 09-06-2020

You can log blocked connection attempts by going to Firewall > Security Logs > Settings > Check relevant categories.

[Screenshot: FirewallLog.PNG]

You need to check the log at a different place by going to System Monitoring > System Logging > Firewall Log.

Here is an example of the log entry with interpretations.

[Screenshot: FirewallLogEntry.PNG]

Red box: IN: in-bound interface, br-lan stands for bridged LAN (including 4 port switch, wireless APs, and coax). OUT: out-bound interface, eth1 stands for the WAN Ethernet interface.

Green underlined: MAC address of router (48:5d:36 is the OUI of Verizon Business).

Orange underlined: MAC address of device initiating connection (could be your IP camera).

SRC: source IP address

DST: destination IP address

TTL: time to live. A small number means the packet passed over too many routers. The packet likely comes from overseas sources.

PROTO: next encapsulation protocol. Could be TCP, UDP, ICMP, or even AH and ESP for VPN traffic.

SPT: source port.

DST: destination port. From the port number you can identify the application layer protocol such as HTTP/HTTPS, SSH, FTP, or even ISAKMP for IPsec VPN key exchange.

If you are too worried, you can even set up a Syslog server to receive the logs generated by G1100.
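Added example (not part of the original posts): once the firewall log is exported or received by a syslog server, a short script can pull out every blocked attempt that originated from the camera's MAC address. It assumes the entries follow the standard Linux netfilter LOG layout, where `MAC=` holds destination MAC, source MAC and EtherType in that order and the destination port field is named `DPT`; the sample lines, addresses, `FW-DROP` prefix and function names are constructed for illustration.

```python
import re

# Constructed sample lines in the assumed netfilter LOG layout (all values made up).
SAMPLE_LOG = """\
Feb 15 10:01:02 router kernel: FW-DROP IN=br-lan OUT=eth1 MAC=48:5d:36:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 ID=4411 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=14600 SYN URGP=0
Feb 15 10:01:07 router kernel: FW-DROP IN=br-lan OUT=eth1 MAC=48:5d:36:aa:bb:cc:66:77:88:99:aa:bb:08:00 SRC=192.168.1.23 DST=198.51.100.7 LEN=76 TTL=63 ID=120 PROTO=UDP SPT=123 DPT=123 LEN=56
Feb 15 10:02:30 router kernel: FW-DROP IN=br-lan OUT=eth1 MAC=48:5d:36:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.168.1.50 DST=203.0.113.77 LEN=29 TTL=63 ID=991 PROTO=UDP SPT=51000 DPT=32100 LEN=9
Feb 15 10:03:00 router kernel: FW-DROP IN=eth1 OUT= MAC=48:5d:36 SRC=198.51.100.9 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
"""

KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one log line, plus the split MAC pair."""
    fields = {}
    for key, value in KEY_VALUE.findall(line):
        fields.setdefault(key, value)  # keep the first LEN= (IP length)
    octets = fields.get("MAC", "").lower().split(":")
    if len(octets) == 14:  # 6 destination + 6 source + 2 EtherType
        fields["dst_mac"] = ":".join(octets[:6])    # router side
        fields["src_mac"] = ":".join(octets[6:12])  # device that sent the packet
    return fields


def attempts_from(log_text, device_mac, lan_if="br-lan"):
    """List (SRC, DST, PROTO, DPT) for entries sent by device_mac from the LAN."""
    wanted = device_mac.lower().replace("-", ":")
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        # Truncated or missing MAC fields yield no src_mac and are skipped.
        if f.get("IN") == lan_if and f.get("src_mac") == wanted:
            hits.append((f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT")))
    return hits


if __name__ == "__main__":
    for src, dst, proto, dpt in attempts_from(SAMPLE_LOG, "00-11-22-33-44-55"):
        print(f"camera {src} -> {dst} {proto}/{dpt}")
```
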
