Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Monitoring local traffic?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 670 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ILLCOMM
      last edited by

      As a cord cutter I bought a product to capture and stream local broadcast channels across my network: https://www.airtv.net/products/airtv/

      It works. :)

      I am trying to "see" the traffic that AirTV is sending across the network, in this case to a FireTV which is streaming the content (via SlingTV app which integrates with AirTV).

      Using iftop or pftop I don't see the traffic coming from my AirTV ip and going to my FireTV ip.

      I am no expert, so I am assuming that this LAN traffic is happening on some sort of protocol that iftop or pftop don't capture and I don't understand. Was hoping someone could help me see this traffic. I am getting some intermittent stuttering in the stream and am trying to figure out root cause and think this might help.

      TIA!

      1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott
        last edited by

        How are you trying to see the traffic?  PfSense includes Packet Capture, but it will only capture traffic that actually reaches it.  With switches, most of the traffic passes only between the source and destination, so unless it's broadcast or multicast, pfSense will not likely see it, unless it's actually passing through pfSense.  What I have done is I bought a cheap managed switch, which I configured for port mirroring.  With this, I connect a computer running Wireshark to port one and one side of the connection I want to monitor on port 2, with the other side of the connection through any other port.  This way, I can monitor all traffic between a device and the switch.  If your network is built around a managed switch, you should be able to set up port mirroring with it.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          What he said.

          LAN traffic is probably happening on LAN and the firewall (A router, not involved in delivering same-subnet traffic) is not seeing the traffic at all.

          You'll probably need to create a SPAN/monitor port on your switch and capture there.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • I
            ILLCOMM
            last edited by

            Thank you both. This was the "not an expert" qualification, although this seems pretty basic so I am embarrassed! It would appear that this traffic is simply between source and dest and pfSense isn't seeing anything.

            I don't have a managed switch, though will be getting one soon to set up VLANs. Maybe I can try again then.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.