How to Tell What Application is Responsible for Traffic
-
Hey, I'm currently in the cumbersome process of figuring out what traffic to allow and what to disallow. It would be really great if in the firewall logs they listed the IP address and the application on that IP address that is sending the traffic.
Is there any way to accomplish something like this with pfSense? I imagine there would be a service that runs on each machine and staples a piece of metadata to each packet.
-
How is pfSense supposed to know what app sent the traffic, when that info is not included in IP? Even though you can know the protocol, you don't always know what app it's from. For example, protocols such as HTTP or SSH are used by several apps.
-
ntopng?
-
Use the info found here https://forum.netgate.com/topic/156158/what-do-your-firewall-rules-look-like/25?_=1599304505040 and start blocking everything.
Your LAN users will complain. Open up the listed ports one by one (see thread in link). Analyse what starts to work. Note the relation between ports and services / programs.
@ProfessorManhattan said in How to Tell What Application is Responsible for Traffic:
the cumbersome process
You got that part right.
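-
To keep track of the relation between ports and services while opening ports one by one, blocked log entries can be tallied per LAN host and destination port. This is an added example, not part of the original thread; it assumes the comma-separated pfSense filterlog layout for IPv4 TCP/UDP entries with the syslog prefix already stripped, and the sample lines, the `PORT_HINTS` table and the function names are constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample entries (filterlog payload only, syslog prefix removed).
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51234,443,0,S,1,,64240,,mss
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,203.0.113.9,51240,443,0,S,2,,64240,,mss
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,none,17,udp,76,192.168.1.10,198.51.100.7,40000,123,56
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.22,203.0.113.5,50100,22,0,S,3,,64240,,mss
7,,,1000000200,igb1,match,pass,in,4,0x0,,64,0,0,none,17,udp,70,192.168.1.22,192.168.1.1,53000,53,50
"""

# Assumed hint table: a port suggests a service, it does not prove
# which application on the host actually sent the traffic.
PORT_HINTS = {22: "ssh", 53: "dns", 80: "http", 123: "ntp", 443: "https"}

# Field positions in an IPv4 TCP/UDP filterlog entry.
ACTION, IP_VERSION, PROTO, SRC, DPORT = 6, 8, 16, 18, 21


def blocked_by_host_and_port(log_text):
    """Count blocked IPv4 TCP/UDP entries per (source IP, protocol, dest port)."""
    counts = Counter()
    for fields in csv.reader(log_text.splitlines()):
        # Skip blank or short lines, passed traffic and non-IPv4 entries.
        if len(fields) <= DPORT or fields[ACTION] != "block" or fields[IP_VERSION] != "4":
            continue
        proto = fields[PROTO]
        if proto not in ("tcp", "udp"):
            continue  # other protocols carry no port fields
        counts[(fields[SRC], proto, int(fields[DPORT]))] += 1
    return counts


def report(counts):
    """Return one line per host/port pair, most frequently blocked first."""
    lines = []
    for (src, proto, dport), n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        hint = PORT_HINTS.get(dport, "unknown")
        lines.append(f"{src} {proto}/{dport} ({hint}) blocked x{n}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(blocked_by_host_and_port(SAMPLE_LOG))))
```

The service name in each line is only a hint based on the port number; as noted earlier in the thread, several applications can use the same protocol.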