Hi, I've noticed according to the firewall log an internal address is trying to ping itself constantly! This is very strange. See attached
My network is 192.168.0.1/24. I've checked ARP table and it only shows 192.168.0.x addresses as expected. Also checked routes and there is nothing for anything 10.x.x.x.
I wondered if it was something to do with VPNs, so I actually disabled both the OpenVPN and WireGuard services and its still continuing.
I downloaded the config XML and searched for 10.67.28.140 and 10.67 in and there is nothing found.
I don't have many plugins just ntopng.
Any ideas?
Thanks
Use
tcpdump -i <interface> -n -e icmp
to find the source MAC address and look up the vendor prefix here:
https://www.macvendorlookup.com
That should give you a hint about the device. You have a misconfigured $something connected to your network.
Quote from: Patrick M. Hausen on October 11, 2024, 04:37:54 PM
Use
tcpdump -i <interface> -n -e icmp
to find the source MAC address and look up the vendor prefix here:
https://www.macvendorlookup.com
That should give you a hint about the device. You have a misconfigured $something connected to your network.
Thanks for reply, what am i doing wrong here? it's on the LAN interface...
root@OPNSense:~ # tcpdump -i LAN -n -e icmp
tcpdump: LAN: No such device exists
(No such device exists)
root@OPNSense:~ # tcpdump -i "LAN (bridge0)" -n -e icmp
tcpdump: LAN (bridge0): No such device exists
(No such device exists)
I tried lowercase etc as well
-i bridge0
Thanks for your help, found it