Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    High Traffic on Layer 2 Interface without IP - ntopng

    Scheduled Pinned Locked Moved
    Traffic Monitoring
    1
    1
    416
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfnewb2016
      last edited by

      I am trying to determine traffic usage by IP across 3 VLANs.  Initially it looked like WAN Traffic exceeded Host traffic by 24GB.  After checking again I found 24GB of usage for a physical interface without an IP.  This is confusing for several reasons.

      1. Physical interface without an IP, shouldn't be able to access internet.
      2. Why would pfsense/ntop use 24GB in 5 days?

      SG-2440
      pfsense 2.42
      ntopng v3.0.171218

      cellular router 172.16.100.1
        |
        |
      igb0 WAN / 172.16.100.2
      igb1 LAN / 10.1.1.1
      igb2 OPT1 / no IP
      igb2.10 / 10.4.10.1 MGMT
      igb2.20 / 10.4.20.1 WIFIGUEST
      igb2.30 / 10.4.30.1 WIFISTAFF

      Traffic Totals (from Host Tables)
      igb0 WAN  26GB
      igb1 LAN    0
      igb2 OPT1  0
      igb2.10      1GB
      igb2.20      0
      igb2.30      1GB

      Host traffic = 2GB vs WAN traffic 24GB, doesn't add up.  More checking, I found:

      Layer 2 Devices: MAC of igb2 = 24GB Traffic. 
      Traffic for WAN vs Host + Layer 2 are now equal but how, why?

      Possibly unrelated, I suspected a webcam as the cause of the traffic.  Searching for the webcam host in ntop returns host 10.4.10.251 cannot be found and has probably expired.  This happens while I'm connected to the webcam and I can confirm it's regularly uploading.

      Thanks for your help.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post