Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Strange DNS traffic


i am trying to optimiz my lab environment and at the moment it is DNS is am working on.

Sonicwall is configured as proxy, external interface is

Router is

What is strange - packet capture is showing this packets:


Ethernet Header

 Ether Type: IP(0x800), Src=[2c:b8:ed:a5:12:31], Dst=[2c:b8:ed:a5:12:31]

IP Packet Header

 IP Type: UDP(0x11), Src=[], Dst=[]

UDP Packet Header

 Src=[53], Dst=[57720], Checksum=0x1397, Message Length=138 bytes

Application Header



Consumed, Module Id:48 2:2)


Seems like IP is sending a DNS request to the external interface.

The MAC for sender and receiver is identical?

So i thought there might be any config in the firewall using on X1 interface but there's none i can find in the tech support file.

Any idea what is causing this traffic?



Category: Entry Level Firewalls


  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Günter I have no real explanation for this, but the seems to give the reply packet to

    • Did you search the TSR for
    • Can you find in your ARP cache?
    • Did you examined the DNS packets to see what the Request and Reply was, maybe this provides more info?


Sign In or Register to comment.