Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Strange Network Traffic from Spoofed IP address.

Hello All-

     I have been working on an issue for several days now, and I would like some input.  I stubbled upon some strange traffic while setting up a sys log server for my ASA.  I am recieving the following message:

%ASA-4-313005: No matching connection for ICMP error message: icmp src inside: dst inside: (type 3, code 13) on inside interface.  Original IP payload: udp src dst

This message is showing the "foreign IP" of sourced on the inside interface.  I believe that a machine on our LAN is being spoofed with this address.  The destination address of "" is not a vaild address.  We currently have no network.

My first step to track down this machine or machines that is creating this traffic has been:

I have setup the network on a Catalyst 3750 L3 switch.  I have attached a machine with a address and ran Wireshark in hopes to capture the packets in order to view the true source ip address?  I have been unsuccessful in this approach.

Can anyone provide any suggestions?

CreatePlease to create content