I'm working on a network that uses a private IP range (192.168.x.x), and I've noticed I'm getting ICMP Destination Unreachable packets from a different private IP range (10.128.x.x). The thing is, I don't know of any devices on my network that should be using that 10.128 range. My goal is to track down where these packets are coming from, but I'm not sure how to start. My subnet's gateway is our firewall, and its ARP cache doesn't show any 10.128.x.x addresses. Any advice?
2 Answers
What specific IP are you seeing, like is it 10.128.128.128?
You might want to run a Wireshark session. Grab the MAC address from the packets you see, and that could help you trace which network port it's coming from.
Wireshark shows the packets are coming from the AP I'm connected to, but I'm puzzled about how it has that IP. It's not reflected in the Dashboard.
Yes, it is! We're using Meraki devices. I've checked all SSIDs, and none are in NAT mode. Could this indicate someone set up another access point on the network?