I applied Egress filters on my external routers to only allow out my valid NAT IPs. looking at the logs I see single packets with spoof addresses blocked every 15 to 20 minutes
How can I find where these are coming from. I assume a sniffer which i do not have. If it is a Sniffer that is needed are there any recommended ones and how is it used in a switched environment.
Thanks