Log traffic from a specific MAC address?
cbad411
Newbie

Hi Team,

I have a sketchy Chinese IP camera, a Dericam.  

For security, I've identified its MAC address, and told my firewall to block all outgoing traffic. Firewall is built into my Verizon router Fios-G1100. I made a network object, and added the MAC address of the Dericam, then said block all traffic to/from internet.

How can I generate a security log, if the Dericam attempts to make an outside connection?  

thanks

Carl


Correct answers
Re: Log traffic from a specific MAC address?
Cang_Household

You can log blocked connection attempts by going to Firewall > Security Logs > Settings > Check relevant categories.

You need to check the log at a different place by going to System Monitoring > System Logging > Firewall Log.

Here is an example of the log entry with interpretations.

image

Red box: IN: in-bound interface, br-lan stands for bridged LAN (including 4 port switch, wireless APs, and coax). OUT: out-bound interface, eth1 stands for the WAN Ethernet interface.

Green underlined: MAC address of router (48:5d:36 is the OUI of Verizon Business).

Orange underlined: MAC address of device initiating connection (could be your IP camera).

SRC: source IP address

DST: destination IP address

TTL: time to live. A small number means the packet passed over too many routers. The packet likely comes from overseas sources.

PROTO: next encapsulation protocol. Could be TCP, UDP, ICMP, or even AH and ESP for VPN traffic.

SPT: source port.

DPT: destination port. From the port number you can identify the application layer protocol such as HTTP/HTTPS, SSH, FTP, or even ISAKMP for IPsec VPN key exchange.

If you are too worried, you can even set up a Syslog server to receive the logs generated by G1100.
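
As an added example (not part of the original post and not Verizon's code): a Python filter that picks one device's blocked attempts out of firewall log text, such as what a syslog server would collect. It assumes the G1100 entries follow the Linux netfilter LOG layout that the field names above match, with `MAC=` holding destination MAC, source MAC and EtherType; the sample lines, the camera MAC and the function names are constructed for illustration.

```python
import re

# Constructed sample entries in the netfilter LOG layout (assumed format).
# MAC= is 14 bytes: destination MAC (router), source MAC (device), EtherType.
SAMPLE_LOG = """\
Jan 10 03:12:44 kernel: DROP IN=br-lan OUT=eth1 MAC=48:5d:36:00:00:01:02:00:00:aa:bb:01:08:00 SRC=192.168.1.50 DST=203.0.113.25 LEN=60 TOS=0x00 TTL=63 PROTO=TCP SPT=41822 DPT=443
Jan 10 03:12:51 kernel: DROP IN=br-lan OUT=eth1 MAC=48:5d:36:00:00:01:02:00:00:cc:dd:02:08:00 SRC=192.168.1.77 DST=198.51.100.9 LEN=76 TOS=0x00 TTL=63 PROTO=UDP SPT=123 DPT=123
Jan 10 03:13:02 kernel: DROP IN=br-lan OUT=eth1 MAC=48:5d:36:00:00:01:02:00:00:aa:bb:01:08:00 SRC=192.168.1.50 DST=198.51.100.77 LEN=84 TOS=0x00 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Jan 10 03:13:05 kernel: some unrelated message without firewall fields
"""

CAMERA_MAC = "02:00:00:AA:BB:01"  # constructed placeholder for the camera's MAC

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_entry(line):
    """Return the KEY=value fields of one entry plus split-out MAC addresses."""
    fields = dict(FIELD_RE.findall(line))
    octets = fields.get("MAC", "").lower().split(":")
    if len(octets) != 14:  # not an Ethernet-framed firewall entry
        return None
    fields["DST_MAC"] = ":".join(octets[0:6])   # router side of the LAN bridge
    fields["SRC_MAC"] = ":".join(octets[6:12])  # device that sent the packet
    return fields


def attempts_from(log_text, mac):
    """List (SRC, DST, PROTO, DPT) for entries whose source MAC matches `mac`."""
    mac = mac.lower().replace("-", ":")  # accept AA-BB-.. and upper case
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["SRC_MAC"] != mac:
            continue
        # ICMP entries carry no ports, so DPT may be absent (None).
        hits.append((entry.get("SRC"), entry.get("DST"),
                     entry.get("PROTO"), entry.get("DPT")))
    return hits


if __name__ == "__main__":
    for src, dst, proto, dpt in attempts_from(SAMPLE_LOG, CAMERA_MAC):
        print(f"{src} -> {dst} {proto} port={dpt or '-'}")
```

Matching on the source MAC rather than the source IP keeps the filter valid if the camera picks up a different DHCP lease.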