Can anybody explain what the source mac address & destination mac address relates to in the firewall logs? The reason I ask is because of the logs below. The source IP addresses (3rd octet = 26, 11 & 27) are 60 miles apart from each other?? 09:43:25 Default DROP UDP 172.31.26.3 : 16403 → 17.155.127.222 : 16384 len=44 ttl=57 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0 09:43:25 Default DROP UDP 172.31.26.3 : 16403 → 17.155.127.222 : 16385 len=44 ttl=57 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0 09:43:25 Default DROP UDP 172.31.26.3 : 16403 → 17.155.127.223 : 16386 len=44 ttl=57 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0 09:43:25 Default DROP UDP 172.31.11.118 : 16403 → 17.155.127.222 : 16384 len=44 ttl=58 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0 09:43:25 Default DROP UDP 172.31.11.118 : 16403 → 17.155.127.222 : 16385 len=44 ttl=58 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0 09:43:25 Default DROP UDP 172.31.11.118 : 16403 → 17.155.127.223 : 16386 len=44 ttl=58 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0 09:43:25 Default DROP UDP 172.31.27.37 : 16403 → 17.155.127.222 : 16384 len=44 ttl=61 tos=0x00 srcmac=24:e9:b3:85:0d:c0 dstmac=00:1a:8c:f0:1d:a0
↧