How to find Source device details

How much source device detail can we get from captured data? For instance, I'm trying to find out the host which is continuously probing our firewall. So I'm trying to figure out if I can get the type of device which is hitting our firewall, though the connection is dropped by the firewall.

I can see a tab in the packet details > Linux cooked capture, under which there is a "Source" field like the one below, which I assume is the MAC address of the device, and the string "Checkpoi" indicates it is sent from a firewall, maybe Checkpoint?

Any insight is appreciated.

Source: CheckPoi_63:86:3a (00:1c:7f:63:86:3a)
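The "Source" field under Linux cooked capture comes from a fixed 16-byte pseudo-header, and the name in front of it is a lookup on the first three octets of that address. The sketch below is an added example, not part of the original post: it decodes that header, assuming the v1 cooked format (LINKTYPE_LINUX_SLL); the sample bytes are constructed around the address quoted above, and the one-entry vendor table holds only the prefix and name shown in the post.

```python
import struct

# Packet-type values defined for the LINKTYPE_LINUX_SLL header.
PACKET_TYPES = {0: "unicast to us", 1: "broadcast", 2: "multicast",
                3: "to another host", 4: "sent by us"}

# Only the prefix quoted in the post; a real lookup uses a full OUI table.
OUI_NAMES = {"00:1c:7f": "CheckPoi"}


def parse_sll(frame: bytes) -> dict:
    """Decode the 16-byte Linux cooked capture (SLL v1) pseudo-header."""
    if len(frame) < 16:
        raise ValueError("truncated SLL header")
    pkt_type, arphrd, addr_len, addr, proto = struct.unpack(
        "!HHH8sH", frame[:16])
    # The address field is always 8 bytes; only the first addr_len are valid.
    addr = addr[:min(addr_len, 8)]
    mac = ":".join(f"{b:02x}" for b in addr)
    result = {
        "direction": PACKET_TYPES.get(pkt_type, f"unknown({pkt_type})"),
        "arphrd": arphrd,
        "source": mac,
        "protocol": f"0x{proto:04x}",
        "vendor": None,
        "locally_administered": None,
    }
    if arphrd == 1 and len(addr) == 6:  # ARPHRD_ETHER with a 6-byte MAC
        result["vendor"] = OUI_NAMES.get(mac[:8])
        # Bit 0x02 of the first octet marks a locally administered address,
        # in which case the OUI prefix does not identify a manufacturer.
        result["locally_administered"] = bool(addr[0] & 0x02)
    return result


# Constructed sample: header only, carrying the address from the post.
# Fields: packet type, ARPHRD type, address length, address (padded), protocol.
SAMPLE = bytes.fromhex("0000" "0001" "0006" "001c7f63863a0000" "0800")

if __name__ == "__main__":
    print(parse_sll(SAMPLE))
```

The address decoded here is the link-layer sender of the frame as the capturing interface received it, so for traffic that arrived through a router it belongs to the adjacent layer-2 device that forwarded the frame, not to the host that originated the probe.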