How to see what traffic is going out through the firewall

  • I need to find out if there is a computer on my network that is sending extra traffic out that might be causing us to be blocked by network hops.

    We are using a POP3 server for our email and starting yesterday we would lose contact to that server for about 10 to 15 minutes but only if we went through the firewall. If I hooked directly to the Comcast modem I could connect. After 3 to 4 times of this, I used PingPlotter to see where it was failing and noticed that we were making it about 11 hops before 100% packet drops for the remaining 5 hops.

    I am thinking that somehow our IP address is getting flagged and we are blocked for a set amount of time. All other traffic (Data, Voice) works fine during this time window.

    Need to find out where to look in the firewall to see what traffic is being sent.

    We are using pfSense 2.3

    Thanks for any help offered.

  • LAYER 8 Global Moderator

    You can sniff (packet capture, diag menu) on either the WAN interface or the interface your traffic enters pfSense on, for the IP of this POP3 server and port.  You'll prob need to raise the default limit of 100 packets and let it run for a while.  Then download that capture into your fav analyzer, say Wireshark, and take a look to see what is going on.

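A way to get a quick "who is sending what out" summary from the downloaded capture before opening it in Wireshark. This is an added example, not code from the thread or from pfSense. It assumes the capture is a classic pcap file with Ethernet framing and that the LAN is 192.168.1.0/24; the sample packets and addresses are constructed.

```python
import ipaddress
import struct
from collections import Counter

def parse_pcap(data):
    """Yield (src, dst, dst_port, wire_len) for IPv4 TCP/UDP frames in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl, wire = struct.unpack(end + "IIII", data[off:off + 16])
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, VLAN-tagged or non-IPv4 frame: skipped
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] not in (6, 17) or len(ip) < ihl + 4:
            continue  # only TCP and UDP carry a port
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        yield (str(ipaddress.IPv4Address(ip[12:16])),
               str(ipaddress.IPv4Address(ip[16:20])), dport, wire)

def outbound_talkers(data, lan="192.168.1.0/24"):
    """Total bytes per (LAN host, remote IP, remote port), largest first."""
    net, totals = ipaddress.ip_network(lan), Counter()
    for src, dst, dport, wire in parse_pcap(data):
        if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) not in net:
            totals[(src, dst, dport)] += wire  # wire length, so a short snaplen still counts
    return totals.most_common()

def sample_pcap():
    # Constructed capture: documentation-range IPs, zero-filled payloads.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = ([("192.168.1.50", "203.0.113.10", 110, 60)] * 2
             + [("192.168.1.77", "198.51.100.5", 443, 1000)] * 3
             + [("203.0.113.10", "192.168.1.50", 40000, 500)])  # last one is inbound
    for src, dst, dport, size in flows:
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + bytes(size)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for (src, dst, port), total in outbound_talkers(sample_pcap()):
        print(f"{src} -> {dst}:{port}  {total} bytes")
```

To use it on a real capture, pass the file's bytes (read in binary mode) and your own LAN subnet to `outbound_talkers`.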