That sounds like an address from the standard example.pcap used to demo metron capability. In a real deployment you should not run pcap-replay which is what inserts this demo data.
Simon > On 21 Sep 2017, at 00:29, Frank Horsfall <[email protected]> > wrote: > > Morning all, > > I have several logs showing an address of 192.168.138.158 as ip_src_addr and > 192.168.138.2 as ip_dst_addr. > > My internal network does not have the 192.168.0.0/24 range which leads me to > believe that somewhere there is a test record with the data. > > Would anybody know where I might be able to find it? > > Frank >
