Unexplained traffic spikes
built on Sun Feb 13 23:53:14 EST 2011
Twice today (and I'm not looking closely), I have noticed spikes of in traffic on an internal interface, around 40 Mbps (first screenshot). I have 4 firewall rules on that interface (2nd screenshot). The third rule limits traffic to 10/1 Mbps for each host on that interface. I have roughly 6 hosts on that interface, and I find it pretty much impossible that they all spike at the same time. Furthermore, there is no out traffic on any other interface to match the in traffic on this one (and my WAN up speed is limited to 2.7 Mbps), so if there really is traffic there, it must be going to pfSense itself, or getting blocked. Any realistic explanation for this?
What does 40 Mbit/s all at once without waiting for something to come back?… Seems like a (deliberately) misbehaving app, i.e. something nasty maybe?
Windows PCs on the LAN?
I would turn on logging and see what packets are getting blocked or what packets are destined for pfSense itself.
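Following the logging suggestion above, this added example (not part of the original thread) totals logged inbound packets per source host, split into blocked, destined for the firewall itself, and passed. It assumes the comma-separated `filterlog` layout used by later pfSense releases, which may differ from the 2011 build discussed here; the interface name `em1`, the firewall address and all log lines are constructed.

```python
import csv
import re
from collections import defaultdict

# Constructed sample lines (not from the thread), in the assumed CSV layout:
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
# offset,flags,proto-id,proto,length,src,dst,...
SAMPLE_LOG = """\
Feb 13 23:10:01 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4321,0,DF,17,udp,1400,192.168.10.21,203.0.113.9,50000,6881,1380
Feb 13 23:10:01 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4322,0,DF,17,udp,1400,192.168.10.21,203.0.113.9,50000,6881,1380
Feb 13 23:10:02 fw filterlog: 7,,,1000000105,em1,match,pass,in,4,0x0,,64,977,0,DF,6,tcp,60,192.168.10.22,192.168.10.1,51515,443,0,S,123456789,,65535,,mss
Feb 13 23:10:02 fw filterlog: 9,,,1000000107,em0,match,block,in,4,0x0,,52,1200,0,DF,17,udp,120,198.51.100.7,203.0.113.2,4444,5555,100
Feb 13 23:10:03 fw filterlog: 8,,,1000000106,em1,match,pass,in,4,0x0,,64,978,0,DF,6,tcp,52,192.168.10.23,198.51.100.7,51600,80,0,S,987654321,,65535,,mss
"""

# Strips the syslog prefix up to and including "filterlog: " or "filterlog[pid]: ".
PREFIX = re.compile(r"^.*?filterlog(\[\d+\])?: ")


def summarize(lines, iface, firewall_ips):
    """Return {(src, category): (packets, bytes)} for inbound IPv4 entries on iface."""
    totals = defaultdict(lambda: [0, 0])
    payloads = (PREFIX.sub("", line) for line in lines)
    for row in csv.reader(payloads):
        # Skip short/blank rows, other interfaces, outbound and non-IPv4 entries.
        if len(row) < 20 or row[4] != iface or row[7] != "in" or row[8] != "4":
            continue
        action, length, src, dst = row[6], int(row[17]), row[18], row[19]
        if action == "block":
            category = "blocked"
        elif dst in firewall_ips:
            category = "to-firewall"
        else:
            category = "passed"
        totals[(src, category)][0] += 1
        totals[(src, category)][1] += length
    return {key: tuple(value) for key, value in totals.items()}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines(), "em1", {"192.168.10.1"})
    # Largest byte totals first, so the host behind a spike sorts to the top.
    for (src, cat), (pkts, nbytes) in sorted(result.items(), key=lambda kv: -kv[1][1]):
        print(f"{src:<16} {cat:<12} packets={pkts:<6} bytes={nbytes}")
```

Blocked packets are logged one entry per packet, but a logged pass rule normally records only the packet that creates the state, so totals in the passed and to-firewall categories understate the real volume.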