Traffic coming from, Ethernet switch?

  • Warning, I'm very unfamiliar with pfSense.

    After looking through the System Firewall Logs, I noticed there is quite a bit of traffic coming from, to the destination I've researched my question before and noticed someone else on the forum called this "Out-Of-State-Traffic". If that is the correct term for what I'm seeing here, could someone please explain to me exactly what "Out-Of-State-Traffic" is? Also, should I do anything about this, or just ignore it as some other user suggested.

    My setup is as follows:

    Internet -> pfSense Router -> Ethernet Switch -> Asus Nighthawk (Set up in access point mode for wireless and additional Ethernet) -> PC I'm using to write this.

  • Galactic Empire

    IGMP can use as a source address :-

    IGMP Multicast Addresses

    IP multicast traffic uses group addresses, which are Class D IP addresses. The high-order four bits of a Class D address are 1110. Therefore, host group addresses can be in the range to

    Multicast addresses in the range to are reserved for use by routing protocols and other network control traffic. The address is guaranteed not to be assigned to any group.

    IGMP packets are transmitted using IP multicast group addresses as follows:

    IGMP general queries are destined to the address (all systems on a subnet).
    IGMP group-specific queries are destined to the group IP address for which the device is querying.
    IGMP group membership reports are destined to the group IP address for which the device is reporting.
    IGMPv2 leave-group messages are destined to the address (all devices on a subnet).
    IGMPv3 membership reports are destined to the address; all IGMPv3-capable multicast devices must listen to this address.

  • LAYER 8 Global Moderator

    You can setup a rule to not log it if you don't want to see the noise.  Or turn off the multicast at the source, or depending on your switch stop the multicast from hitting pfsense.  If you have a smart/managed switch that allows for igmp snooping you should be able to block it from hitting pfsense and filling up your logs.

  • is the source address used before a device knows it's IP address.  It's often used for DHCP requests.  You can use packet capture or Wireshark, to see where those packets are coming from and what they're doing.