WAN constantly receiving ~8 - ~40Mbit
-
Hi,
I've stumbled upon something rather strange. Lately I've noticed the pfSense traffic graphs show that I receive ~8 - ~40Mbit of constant traffic towards the WAN port. It never passes to the LAN so I am wondering what traffic this is.
This is the WAN side, as you can see it's raised from 8 to around 40Mbit of constant traffic, this happened when the pfSense was upgraded to the latest version:
and the lan side:
Does anyone have any idea why this is happening, I can't explain the 8Mbit either, so any help on troubleshooting on this would be greatly appreciated.
Info about the box:
2.1-BETA0 (amd64) - built on Wed Nov 7 13:10:53 EST 2012
CPU - Intel
Core i3-2120T
Motherboard - ASUS P8H77-I
Memory - Kingston DDR3 HyperX blu 1600MHz 8GB
Hard Drive - Western Digital Scorpio Blue 120GB
NIC - Fujitsu D2735-2 Dual gigabit – based on the Intel chip 82576NS
Connection/ISP - 1000/1000 Mbit FiberEdit 1:
The traffic graph from pfSense itself:
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[
/U -
why don't you sniff and see what that traffic is made up of. How would upgrading pfsense cause INBOUND traffic to your wan??
Are you saying it misreported? Again sniffing would show you want is being seen on the interface.
-
why don't you sniff and see what that traffic is made up of. How would upgrading pfsense cause INBOUND traffic to your wan??
Are you saying it misreported? Again sniffing would show you want is being seen on the interface.
It looks strange and it caught my attention, I don't care if it's only 8 or 40 Mbit it doesn't really matter, what matters is to understand why.
Here is a report, I don't know what to tell from it to be honest - I've attached it.pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[/U -
So most of that is multicast UDP
non-234-179.ipredate.net.50023 > 239.100.5.1.1234
And a bunch of other .2, .7, in this same multicast range
I would guess IPTV based stream??? But without seeing the actual packet details its hard to say for sure.
ipredate.net – I show that as
NetRange: 208.87.32.0 - 208.87.39.255
CIDR: 208.87.32.0/21
OriginAS:
NetName: SECUREHOSTCould be someone trying to request some sort of video stream?
Clearly ODD, you might be able to gleen some better info from the details of the packets. Do a capture on pfsense diag, and then open it up in your fav analyzer -- wireshark for example
