Determine what traffic is in each queue

  • How do I determine what traffic is going into my various traffic shaping queues.  For instance, right now the only traffic I should be having on my network is p2p, but my qDefault on the WAN side is getting 180Kbit/s while the qP2P is only getting 6kbps. So my question is how do I determine what this other traffic is?  I'm guessing my floating rules are not matching something, but I don't know enough to find out why they aren't matching.

  • I am also highly interested in this.

  • Me three.  It would be nice to have a list of connection states by rule and ability to filter results similar to the System Log/Firewall tab.  Without, my approach is to packet capture the expected traffic generated.  Usually find out the direction or port is not what I expected so my rule was inappropriately created and fails.  Once corrected I check activity on the rule using PfTop/Label. And to be certain it hits the rule I temporarily turn on rule logging and check System Log / Firewall.  A bit hunt'n'peck but, far as I know, that's all there is.

  • Since the traffic could be almost anything, the method of capturing and manually analyzing the traffic is the only one that will reliably work that I know of.

  • How do you capture the traffic that is in a specific queue? I can easily capture data entering and leaving the firewall, but I can't tell what the internal state of the firewall is.

    You don't.  That's where all the fun is.  You run your shaper and see lots of unhandled traffic.  You sniff the wire to see what the traffic is.  You analyze the traffic and compare to your existing rules to determine why it isn't performing as expected.  Rinse, repeat.

  • In the past I've had the issue where a flow got put in the correct queue on the WAN interface, then placed in the default queue on the LAN interface. Obviously the flow matched the rule because it correctly was assigned WAN side, but how would I have figured out why it didn't get assigned to the correct LAN queue?

    Eventually I just set all of my floating rules to be ANY direction and on both LAN and WAN interfaces and now I see traffic going to my queues, but I don't know what traffic.

    What is the proper way of using floating rules?

    From what I understand, floating rules are simply a way of having one rule that acts on multiple interfaces in multiple directions.  That's it.