
Finding a MAC address

What is the best way to locate a rogue device's MAC address that was connected to our network using XGS firewall and/or XDR?



This thread was automatically locked due to age.
  • When you say "was connected" are you asking a hypothetical as in "given that a rogue device is connected, how would you detect it" or do you literally mean that one was connected in the past and you're trying to look back to figure out what and when?

    Assuming you're wanting to look into the past: I'm thinking if the device got an IP address via DHCP, that associates a MAC address with the IP and the record of that might still be accessible. Also, there are neighbor tables that have MAC addresses of neighbors.

    But MAC addresses can be spoofed, so do you really want a MAC address? What's your goal? Also, was this wired or wireless (and do you use Sophos APs)?
