Thursday, April 8, 2021

Could use some networking advice

Extreme Troubleshooting Issue

Preface: there are 3 “hosts” in the picture.

  • Ubuntu 18.04 (me)
  • Cisco Meraki (middle man)
  • Business office (pubIP, Verizon Fios)

I have a Linux host running Ubuntu 18.04. There is unexpected incoming traffic from the business office that is routed through a Cisco Meraki (source MAC address retrieved via tcpdump -e resolves to the Meraki) contacting my server on port 89 (arbitrary). Looking for ways to pinpoint the unexpected traffic with a MAC address from the business office. FYI we need this port open for functionality, but we can't have unidentified traffic spamming the port.

Have already:

  • looked at business office outbound router logs (gives no info about destination or port)
  • looked at the Meraki logs to see inbound requests
  • tried SolarWinds/Wireshark/PRTG from the business office, but unable to see any outbound connections to the Meraki
  • viewed established connections regularly via netstat on Ubuntu host, but really leads nowhere. We need to pinpoint the traffic to a MAC address at the business office.

My next two options seem to be:

  • Take a second look at the Meraki with Wireshark to get more info on incoming connections that are being sent to my Ubuntu host.
  • Contact Verizon Fios and see if the address is being spoofed or if there is an issue with the IP they can look into.

Any other ideas are very welcome. If you are reading this, I hope you have an amazing day. Live life to the fullest.
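As an added example (not part of the original post): a Python tally of `tcpdump -e -n` output for port 89 on the Ubuntu host, showing that every inbound frame carries the same source MAC (the last layer-2 hop, as the post observes with the Meraki) while source IP, source port and SYN timestamp are what differ per connection. The capture lines, MAC addresses and IPs are constructed, and the names `GW`, `SRV` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed `tcpdump -e -n` lines: made-up MACs, documentation-range IPs.
GW, SRV = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02"  # hypothetical gateway / server MACs
SAMPLE = f"""\
10:15:01.000101 {GW} > {SRV}, ethertype IPv4 (0x0800), length 74: 203.0.113.10.51234 > 192.0.2.20.89: Flags [S], seq 1000, win 64240, length 0
10:15:01.000350 {SRV} > {GW}, ethertype IPv4 (0x0800), length 74: 192.0.2.20.89 > 203.0.113.10.51234: Flags [S.], seq 2000, ack 1001, win 65160, length 0
10:15:01.020400 {GW} > {SRV}, ethertype IPv4 (0x0800), length 66: 203.0.113.10.51234 > 192.0.2.20.89: Flags [.], ack 2001, win 502, length 0
10:15:07.500000 {GW} > {SRV}, ethertype IPv4 (0x0800), length 74: 203.0.113.10.51301 > 192.0.2.20.89: Flags [S], seq 3000, win 64240, length 0
10:15:07.900000 {GW} > {SRV}, ethertype IPv4 (0x0800), length 86: 203.0.113.10.51301 > 192.0.2.20.89: Flags [P.], seq 3001:3021, ack 4001, win 502, length 20
10:15:08.000000 {GW} > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.20 tell 192.0.2.1, length 46
"""

# Link-level header printed by -e, then "src.sport > dst.dport:" for IPv4.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def summarize(text, port=89):
    """Tally inbound frames to `port` by source MAC and by (source IP, source port)."""
    macs, flows, syns = Counter(), Counter(), []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # skips ARP and other non-matching lines, and the server's replies
        macs[m["smac"]] += 1
        flows[(m["sip"], int(m["sport"]))] += 1
        if m["rest"].startswith("Flags [S],"):  # bare SYN = new connection attempt
            syns.append((m["ts"], m["sip"], int(m["sport"])))
    return macs, flows, syns


if __name__ == "__main__":
    macs, flows, syns = summarize(SAMPLE)
    print("source MACs seen:", dict(macs))
    for ts, ip, sport in syns:
        print(f"SYN {ts} from {ip}:{sport} ({flows[(ip, sport)]} frames)")
```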


