Accessibility Resource Center Skip to main content
Get it fast with In-store & curbside pickup or same day delivery.

Who Me Too'd this solution

Cang_Household
Gold Contributor III Gold Contributor III
Gold Contributor III
Posts: 881
Registered: ‎09-06-2020

Re: Log traffic from a specific MAC address?

(265 Views)

You can log blocked connection attempts by going to Firewall > Security Logs > Settings > Check relevant categories.

FirewallLog.PNG

 

You need to check the log at a different place by going to System Monitoring > System Logging > Firewall Log.

Here is an example of the log entry with interpretations.

FirewallLogEntry.PNG

Red box: IN: in-bound interface, br-lan stands for bridged LAN (including 4 port switch, wireless APs, and coax). OUT: out-bound interface, eth1 stands for the WAN Ethernet interface.

Green underlined: MAC address of router (48:5d:36 is the OUI of Verizon Business).

Orange underlined: MAC address of device initiating connection (could be your IP camera).

SRC: source IP address

DST: destination IP address

TTL: time to live. A small number means the packet passed over too many routers. The packet likely comes from oversea sources.

PROTO: next encapsulation protocol. Could be TCP, UDP, ICMP, or even AH and ESP for VPN traffic.

SPT: source port.

DST: destination port. From the port number you can identify the application layer protocol such as HTTP/HTTPs, SSH, FTP, or even ISAKMP for IPsec VPN key exchange.

 

If you are too worried, you can even set up a Syslog server to receive the logs generated by G1100.

View solution in original post

Who Me Too'd this solution