Netgate Discussion Forum

    Flooding

      Antibiotic
      last edited by

      Please explain!
      Let's say I have, in the firewall log or pfBlockerNG log, some application getting a lot of requests. These requests are blocked, but I only see the LAN address and port. How do I determine, by name, which application is getting this flood?

        rcoleman-netgate Netgate @Antibiotic
        last edited by

        @antibiotic Depends on the type of packet being blocked. Should be at the end of the log line.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

          Antibiotic @rcoleman-netgate
          last edited by

          @rcoleman-netgate Screenshot 2023-04-11 234907.png

            rcoleman-netgate Netgate @Antibiotic
            last edited by rcoleman-netgate

            These are blocks from pfBlocker for DNS of HTTPS...

            What's sitting at 192.168.11.14? You can find that in DHCP Leases (if it's a DHCP lease); if not, you need to do a packet capture to get its MAC and start hunting it down.

            From there you can trace it - you cannot find the detail you need just from the packet because it's going to HTTPS.

              Antibiotic @rcoleman-netgate
              last edited by

              @rcoleman-netgate 192.168.11.14 - It's my laptop; some application on it is flooding.

                  rcoleman-netgate Netgate @Antibiotic
                  last edited by

                  @antibiotic OK, then run a PCAP on your device.

                  The interface is WLAN - you have an interface called "WLAN", yes?

                    Antibiotic @rcoleman-netgate
                    last edited by

                    @rcoleman-netgate said in Flooding:

                    then run a PCAP on your device

                    Do you mean install Wireshark to run a PCAP? Yes, it is WLAN.

                      rcoleman-netgate Netgate @Antibiotic
                      last edited by

                      @antibiotic Wireshark™ is one way to do a packet capture, yes.

                        Antibiotic @rcoleman-netgate
                        last edited by

                        @rcoleman-netgate I did a scan on the local host with Wireshark. I have a lot of info that could be useful for a pro. But again, without the name of the application?

                          johnpoz LAYER 8 Global Moderator @Antibiotic
                          last edited by

                          @antibiotic You want the application on the .14 box creating the connections? Wireshark or a sniffer is not really going to tell you that.

                          Since the traffic is TCP, you should be able to just do a netstat with -b to show you the binary that is creating the connection.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11
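
Added example (not part of any post in this thread): a PowerShell take on the `netstat -b` suggestion above, run from an elevated prompt on the Windows laptop rather than on pfSense. It polls the local TCP table and tallies which process owns connections to a remote port; the port 443 default, the sampling window and the variable names are assumptions.

```powershell
# Added example: poll the local TCP table and tally which process owns
# connections to a given remote port. Run on the laptop (192.168.11.14 in
# the thread), elevated, so that every owning process is visible.
param(
    [int]$RemotePort = 443,   # assumption: the blocked traffic is HTTPS
    [int]$Seconds    = 30,    # how long to sample
    [int]$IntervalMs = 250    # attempts can be short-lived, so poll quickly
)

$seen  = @{}   # connection tuples already counted
$tally = @{}   # process id -> number of distinct connections seen

$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    # All TCP states are counted. If the firewall silently drops the packets,
    # the attempts sit in SynSent until they time out instead of reaching
    # Established, which a single netstat run can easily miss.
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $key = '{0}:{1}>{2}:{3}' -f $c.LocalAddress, $c.LocalPort,
                                    $c.RemoteAddress, $c.RemotePort
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = $true
            $procId = [int]$c.OwningProcess
            $tally[$procId] = 1 + [int]$tally[$procId]
        }
    }
    Start-Sleep -Milliseconds $IntervalMs
}

# Resolve each process id to a name and binary path, busiest first.
$tally.GetEnumerator() | Sort-Object Value -Descending | ForEach-Object {
    $p = Get-Process -Id $_.Key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Connections = $_.Value
        ProcessId   = $_.Key
        Name        = if ($p) { $p.ProcessName } else { '<exited>' }
        Path        = if ($p) { $p.Path } else { $null }
    }
} | Format-Table -AutoSize
```

The process at the top of the table is the first candidate to compare against the destination addresses shown in the pfSense log.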

                            Antibiotic @johnpoz
                            last edited by

                            @johnpoz Should I run this command on pfSense or on the local host?

                              rcoleman-netgate Netgate @Antibiotic
                              last edited by

                              @antibiotic your computer.

                                Antibiotic
                                last edited by

                                I have found this baby, it's Telegram! Thanks to all for the assistance.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.