[Oisf-users] Finding the source of a broadcast
James Moe
jimoe at sohnen-moe.com
Fri Apr 24 06:18:59 UTC 2015
Hello,

suricata 2.0.7
linux v3.16.7-7-desktop x86_64

One of the alerts generated by suricata is for a "VLAN unknown
type." It is, however, a broadcast from a device that implements a
Spanning Tree Protocol (STP). This would imply a router.

All I have is the MAC address of the device that is generating the
broadcasts; they occur every 2 seconds. It does not match with any of
the known devices or hosts on our network. Also: "This kernel does not
support RARP." Hmph.

Ethernet II, Src: Echostar_17:53:1f (00:0d:c5:17:53:1f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

Can anyone suggest a method of finding which device is emitting the
broadcast?

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936