Huge DNS traffic?
-
Can someone tell me what's going on here, and what is the 0 in a pfSense packet capture? Does this resemble the packet payload?
Is this traffic something to be concerned about? It is literally endless ongoing traffic.
Thanks
-
Ask the guy who maintains:
@deanfourie said in Huge DNS traffic?:
172.16.101.7
?!
No need to locate that device.
Firewall its IP. Now he will come over to you, so you can explain to him that he should calm down a bit - or do something about it. This one really loves to speak to 1.1.1.1 and 1.0.0.1. That's not pfSense.
-
@gertjan no no no calm down haha I'm not blaming pfSense.
Just asking for general help, as it seems strange to me to have so many flows to 1.1.1.1 and 1.0.0.1.
Just curious as to why this would be the case.
-
@deanfourie said in Huge DNS traffic?:
@gertjan no no no calm down haha I'm not blaming pfSense,
Me either.
But you can use pfSense to locate the device "172.16.101.7" (some device on a pfSense LAN) that really loves to hammer on 1.1.1.1 and 1.0.0.1. They will say thanks to you for stopping 172.16.101.7 doing so.
-
@deanfourie said in Huge DNS traffic?:
@gertjan no no no calm down haha I'm not blaming pfSense.
Just asking for general help, as it seems strange to me to have so many flows to 1.1.1.1 and 1.0.0.1.
Just curious as to why this would be the case.
Most likely a browser that is using DNS over HTTPS to resolve names via 1.1.1.1 (instead of your assigned DNS server). It’s becoming more and more common for browsers to skip the host-assigned DNS server, and instead use their own DNS over HTTPS to different cloud DNS services. Chrome obviously does it to Google's own servers, so Google can track you. Firefox’s argument is to counter tracking by only allowing Cloudflare to track you… go figure….
That’s why the pfBlocker package has an “IP block” well-known DoH and DoT servers feature.
-
It's actually not commercial but a home setup.
172.16.101.7 is a Pi running Home Assistant.
-
@keyser Where can I find this feature in pfBlocker?
-
@deanfourie said in Huge DNS traffic?:
@keyser Where can I find this feature in pfBlocker?
FIREWALL -> PFBlockerNG -> DNSBL -> DNSBL SafeSearch
-
@deanfourie said in Huge DNS traffic?:
pi
Things get easier now. Who admins this thing?
You ?
Go for the easy choice: rip it out of your network. Solved ;)
Or go for the YouTube 'wtf is a pi anyway' series. You'll be in for some pretty good DNS info ;)
Edit: Btw: pi and pfBlockerng-devel do somewhat the same thing. Using both == annoying at best.
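-
Added example, not part of the original thread: one way to see which LAN client is opening the connections, by counting distinct flows to port 853 (DNS over TLS) per source in tcpdump-style capture text like the output pasted in the question. The sample lines, the host 172.16.101.20, the 5 flows/s threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

DOT_PORT = 853  # DNS over TLS (RFC 7858)

# One record: "HH:MM:SS.frac IP src.sport > dst.dport: tcp N".
# In tcpdump's quiet output N is the TCP payload length in bytes, so
# "tcp 0" is a segment without data (SYN, bare ACK, FIN or RST).
RECORD = re.compile(
    r"(\d\d):(\d\d):(\d\d\.\d+) IP "
    r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): tcp (\d+)"
)

# Constructed sample in the capture's format. 172.16.101.7 and the two
# resolvers are the addresses named in the thread; everything else is made up.
SAMPLE = """\
12:00:00.000100 IP 172.16.101.7.40000 > 1.0.0.1.853: tcp 0
12:00:00.000150 IP 1.0.0.1.853 > 172.16.101.7.40000: tcp 0
12:00:00.100200 IP 172.16.101.7.40002 > 1.1.1.1.853: tcp 0
12:00:00.100260 IP 1.1.1.1.853 > 172.16.101.7.40002: tcp 0
12:00:00.200300 IP 172.16.101.7.40004 > 1.0.0.1.853: tcp 0
12:00:00.300400 IP 172.16.101.7.40006 > 1.1.1.1.853: tcp 0
12:00:00.400500 IP 172.16.101.7.40008 > 1.0.0.1.853: tcp 0
12:00:00.500100 IP 172.16.101.7.40010 > 1.1.1.1.853: tcp 0
12:00:01.000000 IP 172.16.101.20.51000 > 1.1.1.1.853: tcp 0
12:00:01.020000 IP 172.16.101.20.51000 > 1.1.1.1.853: tcp 517
12:00:01.030000 IP 1.1.1.1.853 > 172.16.101.20.51000: tcp 1400
12:00:03.000000 IP 172.16.101.20.51000 > 1.1.1.1.853: tcp 130
12:00:03.500000 IP 172.16.101.20.52000 > 192.0.2.10.443: tcp 517
"""


def summarize(text, port=DOT_PORT):
    """Per client: distinct flows to `port`, flows that never carried
    client payload, and new flows per second over the observed span.
    findall() scans the whole text, so records pasted onto one long
    line are parsed the same way as one record per line."""
    flows = defaultdict(lambda: defaultdict(int))  # client -> (sport, resolver) -> bytes
    seen = {}                                      # client -> (first_ts, last_ts)
    for h, m, s, src, sport, dst, dport, length in RECORD.findall(text):
        if int(dport) != port:
            continue                               # keep client -> resolver packets only
        ts = int(h) * 3600 + int(m) * 60 + float(s)  # assumes no midnight wrap
        flows[src][(int(sport), dst)] += int(length)
        first, last = seen.get(src, (ts, ts))
        seen[src] = (min(first, ts), max(last, ts))
    rows = []
    for client, per_flow in flows.items():
        first, last = seen[client]
        span = max(last - first, 1.0)              # floor: do not extrapolate sub-second bursts
        rows.append({
            "client": client,
            "flows": len(per_flow),
            "empty_flows": sum(1 for b in per_flow.values() if b == 0),
            "flows_per_sec": round(len(per_flow) / span, 2),
        })
    return sorted(rows, key=lambda r: r["flows"], reverse=True)


def noisy_clients(text, max_flows_per_sec=5.0):
    """Clients opening new connections faster than the (arbitrary) threshold."""
    return [r["client"] for r in summarize(text)
            if r["flows_per_sec"] > max_flows_per_sec]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
    print("noisy:", noisy_clients(SAMPLE))
```

A client that reuses one TLS session shows a single flow with non-zero payload; many short flows with zero payload from one source point at a resolver or service on that host reconnecting in a loop.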