tekmunki
Tekmunki
Premium
join:2001-12-06
Lake City, FL
clubs: 
 ·NuVox Communications
1 edit |  Cisco ASDM Log (Deny Reverse Path Check)
I started seeing these in my Cisco 5520 logs... Any idea what could be causing it?
My "INSIDE" network is 172.168.0.0/16
Should I be concerned? The IP is an internal reserved, I assume something is misconfigured internally- however, tracking it could be a feat.  |
|
Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area
| said by tekmunki  :... I assume something is misconfigured internally- however, tracking it could be a feat. That would be my first guess. How many clients are connected to this router?
--
"If it ain't broke don't fix it." |
|
bmn
? ? ?
Premium,ExMod 2003-06
join:2001-03-15
hiatus
| reply to tekmunki
»forums.cisco.com/eforum/servlet/···1dd9020e
As for tracking it down... You could try logging into the CLI of the ASA, get the MAC address (it should have it in it's cache) and then do a lookup of the manufacturer. Assuming you have managed switches, you can then login to the various switches and track the MAC address down to a specific switch port.
Used to do this kind of stuff all the time. We wouldn't know the exact location of a system, so we would follow the ports where the MAC address is showing up back to the last switch and we would find the port it is attached to.
--
Prove it...
Save the Internet Time (NTP) service, use the pool. |
|
tekmunki
Tekmunki
Premium
join:2001-12-06
Lake City, FL
clubs:
·NuVox Communications
| "show arp" didn't give me anything related to the 169 addresses, what other method did you have in mind to find the mac?
I can easily track the mac down if I can find it. 
--
TekMunki
"There are 10 types of people in this world, those who understand binary and those who don't."
www.tekmunki.com |
|
tekmunki
Tekmunki
Premium
join:2001-12-06
Lake City, FL
clubs:
·NuVox Communications
| reply to Lanik
said by Lanik :said by tekmunki :... I assume something is misconfigured internally- however, tracking it could be a feat. That would be my first guess. How many clients are connected to this router? Today, only around 50 clients.
--
TekMunki
"There are 10 types of people in this world, those who understand binary and those who don't."
www.tekmunki.com |
|
bmn
? ? ?
Premium,ExMod 2003-06
join:2001-03-15
hiatus
1 edit | reply to tekmunki
said by tekmunki :"show arp" didn't give me anything related to the 169 addresses, what other method did you have in mind to find the mac? I can easily track the mac down if I can find it. You will need a hub that you can place between all the uplinks to the router and the actual router itself. You will then need to download Wireshark ( »www.wireshark.org/ ) and capture packets from the wire in promiscuous mode to grab the MAC address.
If you don't have a hub, you'll have to use port mirroring. Port mirroring is the preferred method, BTW, as it will cause the least amount of disruption to the network.
Ignore the port mirroring part... Just realized you are using an ASA and it doesn't have the ports to do it IIRC (you need at least TWO on the LAN side).
--
Prove it...
Save the Internet Time (NTP) service, use the pool. |
|
