Traffic Graph showing IP that is not found in packet capture
-
Hey everyone,
I just setup a fresh install for a site that will be going live in the coming week. When looking at various logs and graphs I stumbled across some traffic on what appears to be within the LAN but a packet capture on the LAN interface does not show the traffic. Has anyone seen this before? The IP appears to be registered in the China.
Firewall logs and packet captured don't capture it, but it shows in the traffic graph. I'm a bit confused as to what this could be.
Image attached.
-
I have one of these http://williamknowles.co.uk/?p=16 with a 2Tb external usb drive hooked up to my adsl modem and pfsense wan interface.
This will save more packet capture data over a longer period of time than the the pfsense packet capture which hangs after a period of inactivity relkated in part to the default auto log off setting seen in System, User Manager, Settings tab, Session Timeout which is a default 4 hours.
Might be useful as an alternative packet capture but notethe Rpi only does 10/100 nic speeds so no good on the lan side for most networks but useful for slower broadband connections.
fwiw.