How to see source ip and destination ip traffic

Solved
AD01
Conversationalist

How to see source ip and destination ip traffic

Hi fellow net admins!

Just wanting to know if there is this page to see the source IP and destination IP that being passed or blocked?

If so, where do we see that?

 

br,

-AD

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

Packet capture is your best friend to see what is being allowed.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Packet_Capture_Overvi... 

 

Amazingly, Meraki is the only firewall product I know of that doesn't have an easy way to see what traffic is being blocked.  You have to use syslog.

 

I'm been contemplating writing a syslog "server" in Python, purely to provide an easy way to be able to have something I can start on my computer to watch for short periods of time what is being blocked or allowed.

View solution in original post

6 Replies 6
MarcP
Kind of a big deal

you mean one of the following?

Before you need to go to network - generel and select "detailed traffic analyse"

 

Network - Traffic analyses

network - packet capture

clients detail page

AD01
Conversationalist

Hi MarcP, thanks for the response. yeah, that's good, it give you somehow general apps/traffic visibility. Not exactly like Palos for e.g., when you're trying to look for src IP and dst IP.  A simple and straightforward visibility.

PhilipDAth
Kind of a big deal
Kind of a big deal

Packet capture is your best friend to see what is being allowed.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Packet_Capture_Overvi... 

 

Amazingly, Meraki is the only firewall product I know of that doesn't have an easy way to see what traffic is being blocked.  You have to use syslog.

 

I'm been contemplating writing a syslog "server" in Python, purely to provide an easy way to be able to have something I can start on my computer to watch for short periods of time what is being blocked or allowed.

rhbirkelund
Kind of a big deal
Kind of a big deal


@PhilipDAth wrote:
..

I'm been contemplating writing a syslog "server" in Python, purely to provide an easy way to be able to have something I can start on my computer to watch for short periods of time what is being blocked or allowed.


Something liket this? - https://gist.github.com/marcelom/4218010

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
PhilipDAth
Kind of a big deal
Kind of a big deal

That is excellent!  I'll take a closer look and see how I can make it more useful for firewalling.

AD01
Conversationalist

Hi PhilipDAth, appreciate your response. Yeah, it seems this would be a "nice to have" future feature. I think it is extremely useful considering it is a FW device.

 

Get notified when there are additional replies to this discussion.