Netgate Discussion Forum

    View Specific Details About Traffic

    • sned

      Hi, new guy here. I know enough about firewalls to be dangerous. I work in a building with about 8 employees that use the internet. The other day we had a security breach that wasn't detected for a few days. I was able to find out about this breach by stumbling across irregular data usage in graphs in our Meraki Firewall. One client downloaded about 130 gigs of data (with only a couple hundred megs of data uploaded during that time). Once we took that machine down, the next night another PC uploaded about 20 gigs of data, which was abnormal. I can see how much data was used and I can see where the data went, but what I want to see is what the data was, and it's driving me nuts. If files were moved, what files were they? What data was in the 130 gigs of data that the firewall says was downloaded to the first PC?

      How do I do this? Most connections used port 80 or 443. We are currently using a Meraki firewall. I've used pfSense in the past and we're playing with it now. I just don't know how to dial down and see what the data was.

      Sned

      • sned

        Crickets? Lol ;)

        • fsr

          I doubt you can know what files were uploaded. You should ask Meraki for support, or post in their forums.
          You could check the logs to see what IPs were involved and try to get some data on them with a whois lookup. Talk to the users, check their machines for malware, and applications that could have downloaded and uploaded such amounts of data. No need to say that if the machines are running Windows 10 and they have the option to share Windows updates by peer-to-peer to the internet, that could do it. Microsoft in their incredible wisdom decided to enable things like that with little (if any) control over the amount of BW used.

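Added example, not part of fsr's post and not Meraki or pfSense tooling: one way to follow the suggestion to check the logs for the IPs involved is to total bytes per client and remote address from an exported flow log, so the remote IPs worth a whois lookup stand out. The CSV layout, the sample records, the function names and the 5 GB threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; this column layout is an assumption,
# not a Meraki or pfSense log format.
SAMPLE_FLOWS = """ts,client_ip,remote_ip,dst_port,bytes_sent,bytes_recv
2025-01-10T22:01:00,192.168.1.21,203.0.113.50,443,150000000,70000000000
2025-01-10T23:30:00,192.168.1.21,203.0.113.50,443,90000000,60000000000
2025-01-10T23:45:00,192.168.1.21,198.51.100.7,80,2000000,40000000
2025-01-11T22:10:00,192.168.1.34,198.51.100.99,443,12000000000,30000000
2025-01-11T23:50:00,192.168.1.34,198.51.100.99,443,8000000000,20000000
2025-01-11T09:15:00,192.168.1.40,198.51.100.7,443,500000,9000000
"""

GB = 10**9


def summarize(flow_csv):
    """Total bytes sent/received per (client, remote IP) pair."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            key = (row["client_ip"], row["remote_ip"])
            sent, recv = int(row["bytes_sent"]), int(row["bytes_recv"])
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed records
        totals[key][0] += sent
        totals[key][1] += recv
    return dict(totals)


def heavy_talkers(flow_csv, threshold_bytes=5 * GB):
    """Pairs whose traffic in either direction meets the threshold, largest first."""
    hits = []
    for (client, remote), (sent, recv) in summarize(flow_csv).items():
        if max(sent, recv) >= threshold_bytes:
            direction = "upload" if sent > recv else "download"
            hits.append((client, remote, direction, sent, recv))
    return sorted(hits, key=lambda h: max(h[3], h[4]), reverse=True)


if __name__ == "__main__":
    for client, remote, direction, sent, recv in heavy_talkers(SAMPLE_FLOWS):
        print(f"{client} -> {remote}: {direction}-heavy, "
              f"sent {sent / GB:.2f} GB, received {recv / GB:.2f} GB")
```

Flow records like these identify endpoints, direction and volume only; they do not show what was transferred.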