I'm seeing all kinds of crazy ip src/dst addresses, MAC addresses and protocol numbers showing up in syslog flow reports coming out of MR33s. For example:
src=0.0.1.0 dst=0.0.0.0
src=226.203.172.48
protocol=16
protocol=g (that's not a typo - lowercase 'g')
There are also numerous examples wherein the last two octets of a dst address (in decimal form) match the first two octets of the MAC address (in hex notation). So for example the dst address is x.x.228.112 and the first two octets of the MAC just happen to be E4:70
I haven't been able to capture any of these unicorn flows in PCAP so I suspect that it's some kind of bug in how the MR33 goes about building the message string.
Has anybody else run into this? Just curious.