What's new
SNBForums

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Skynet Source LAN IP for outbound IP blocked by SkyNet

buzzy

Occasional Visitor
How do I find the local source LAN IPs for outbound IP addresses that are blocked by Diversion Skynet? Basically, whodunnit? I have SkyNet and local Pi-Hole running, but not Diversion. In looking at the top 10 Blocks (Outbound) list in SkyNet, I see the IP addresses and the AlienVault information, but I want to trace it back to my LAN to see which device is trying to reach out to these blocked IPs? It doesn't seem to appear in Pi-Hole but maybe I am not sure how to query it because it only shows domain (non-IP) entries.

Bonus question: if I can figure it out that it's a specific Windows device, is there any particular log in Windows that helps me determine which application is trying to reach these blocked IPs?
 
Last edited:
How are Diversion and Pi-Hole both blocking? I’m confused. Where do you actually see the blocks?
 
How are Diversion and Pi-Hole both blocking? I’m confused. Where do you actually see the blocks?
Sorry, I meant Skynet. I am not using Diversion. Pi-Hole is just doing it's usual duties as DNS Server to block ads etc., even though it's somewhat of an overlap with SkyNet. DNS does keep great logs of logs, but only the domain names, but not the actual IP addresses, as far as I know.
 
If Skynet is blocking, you can see stats by running
Code:
firewall stats search ip 12.34.56.78
where the IP would be the destination IP you see being blocked.
 
If Skynet is blocking, you can see stats by running
Code:
firewall stats search ip 12.34.56.78
where the IP would be the destination IP you see being blocked.
Awesome! This is exactly what I was looking for, thanks!

As a minor note, the section titles (in red) state "10 Most Recent Blocks From x.x.x.x", etc, rather than something like " ... Outgoing Blocks To x.x.x.x". Again, very minor.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Back
Top