IPSEC VPN between 2 sites has constant ~20k traffic. How best to find out what it is?



  • I've had two sites connected with pfSense IPsec VPN for a half year or so. I've been noticing that there's a constant ~20kb/s stream going across the connection. I don't remember seeing that.

    I'm trying to figure out how to best determine what this traffic is but I'm drawing a blank as to how to go about this.

    I have bandwidthD installed but that hasn't really given much information.

    I've got a bunch of devices connected on both sides (probably 20+ on each side), so I guess I could start knocking devices off one by one to try and find the culprit but I'm hoping there's a better way.

    Suggestions?

    Many Thanks,

    Roveer


  • Galactic Empire

    Have you tried a packet capture?



  • @nogbadthebad said in IPSEC VPN between 2 sites has constant ~20k traffic. How best to find out what it is?:

    Have you tried a packet capture?

    I didn't realize pfSense had a packet capture. Thanks for suggesting it. Now the results. I ran a quick capture on ipsec and then found the busy IP address. A quick look at the lease assignments showed me it was my Uniden Police Scanner wifi dongle. Then it hit me. I run Proscan scanner software from my office that points to my Uniden scanner to capture fire calls in my town (using the "fire tone out" feature), and then email them to me so I can hear them on my phone. I totally forgot that I had that communication running all the time, but the packet capture quickly pointed it out.

    Problem solved. Thanks for the tip.

    Roveer
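
The approach from the last post (capture on the IPsec interface, then look for the busy address), as an added example that is not part of the original thread: it ranks host pairs by payload bytes from capture text in `tcpdump -n -q` form. The sample lines and addresses are constructed, and `top_conversations` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n -q` text form; all addresses are made up.
SAMPLE = """\
10:15:00.000000 IP 192.168.2.10.5000 > 192.168.1.50.49152: tcp 1000
10:15:00.500000 IP 192.168.1.50.49152 > 192.168.2.10.5000: tcp 0
10:15:01.000000 IP 192.168.2.10.5000 > 192.168.1.50.49152: tcp 1000
10:15:01.200000 IP 192.168.1.21.53011 > 192.168.2.1.53: UDP, length 40
10:15:02.000000 IP 192.168.2.10.5000 > 192.168.1.50.49152: tcp 1000
10:15:03.000000 IP 192.168.2.10.5000 > 192.168.1.50.49152: tcp 1000
10:15:04.000000 IP 192.168.2.1.53 > 192.168.1.21.53011: UDP, length 120
"""

# time, source ip.port, destination ip.port, then the payload length
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(\d+\.\d+\.\d+\.\d+)\.\d+: (?:tcp|UDP, length) (\d+)"
)

def top_conversations(text):
    """Return [((host_a, host_b), payload_bytes, bytes_per_sec)], busiest first."""
    per_pair = Counter()
    stamps = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, ICMP, IPv6 and anything else is skipped here
        hh, mm, ss, src, dst, length = m.groups()
        stamps.append(int(hh) * 3600 + int(mm) * 60 + float(ss))
        # Both directions of a flow are counted under one unordered pair.
        per_pair[tuple(sorted((src, dst)))] += int(length)
    # Capture span in seconds; a capture crossing midnight is not handled.
    duration = max(stamps) - min(stamps) if len(stamps) > 1 else 0.0
    return [
        (pair, nbytes, nbytes / duration if duration else 0.0)
        for pair, nbytes in per_pair.most_common()
    ]

if __name__ == "__main__":
    for (a, b), nbytes, rate in top_conversations(SAMPLE):
        print(f"{a} <-> {b}: {nbytes} bytes, {rate:.0f} B/s")
```

The lengths in this output are payload sizes without headers, so the rates read slightly lower than what a traffic graph shows. Matching the top address against the DHCP lease list, as in the post, identifies the device.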