devrand0m Posted September 26, 2017 Share Posted September 26, 2017 First question ... I was looking at the firewall log on my wireless router. There were number of entries that said that outbound connection was blocked due to invalid source IP. My router's dhcp range is 172.27.0.1 to 172.27.0.253 (254 is the router). The invalid IP is 172.16.40.48. How can this IP address even exist on my network? Even if someone manually assigned that IP to his/her computer, how can that even get routed to gateway? Also I only have around a dozen devices attached to this router and each devices is accounted for. How can I figure out what the invalid IP device is? Second question, kind of related. I was trying to figure out what was happening with my network so I fired up Wireshark hoping there would be some clue with regard to the spoofed IP above. Connected my laptop directly to the wireless router's ethernet port. Started Wireshark with the ethernet adapter in promiscuous mode. Tons of packets...however, after a while, I noticed one thing. To and from my computer, I could see all outbound and inbound packets. However, with other devices on the net, I could only see them when they were sending to broadcast address (255.255.255.255 or 172.27.0.255). I thought in promiscuous mode, I was supposed to be able see all packets, not just mine+broadcast. In addition to the IP problem above, I have an old XP box on my net that keeps trying to send out packets with invalid state to an unknown IP (actually an IP in China) which the firewall keeps blocking, and I'd like to examine the packets. Thanks. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.