Netgate Discussion Forum

    [SOLVED] Undetected Traffic?

      Corbin23

      Hello all.

      I am having some troubles with my network. My connection is constantly pegged to capacity and I cannot find out what is causing the traffic. Looking at my WAN traffic graph I can see that the full 12Mbps is being used while no IP is accounting for it. The same is happening on the LAN traffic graph. Can anybody point me in a direction to look further?
      [Attached images: TrafficGraph_WAN.png, TrafficGraph_LAN.png]

        johnpoz LAYER 8 Global Moderator

        I would sniff and see what is there.. Diag, packet capture.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          firewalluser

          If you have all firewall rules logging, that can sometimes show up what's using bandwidth.

          If you have your wan connection in a bridge modem configuration you can add a device between the modem/router in bridge mode and pfsense and packet capture, in case something has got into pfsense/freebsd, a new Mac virus was in the news today.

          You can also use HAproxy to do a MITM with encrypted data, check out HAproxy SSL bridging on how to set that up.

          If you have an RPi lying around, something like this can be useful for unlimited packet capturing and running HAproxy: http://williamknowles.co.uk/?p=16
          Hook up to an external HD or redirect the TCPDump output to another machine behind another firewall using Netcat, run HAproxy in full debug mode, which means compiling it yourself, and add extra code to fill any gaps the debug output doesn't give you. If attempting this on an RPi, as many have them lying around, check out raspbian-ua-netinst; it's just core, network & ssh. Got it clocking reliably at 1.1GHz with USB3-1Gbps USB NICs handling plenty of bandwidth, 48MB RAM used, no swap files, all in read-only mode, thanks in part to modding things like CPU governors, schedulers and other tricks.

          If you have some other PC, install Debian on it and many of the RPi links will still apply.

          Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

          Asch Conformity, mainly the blind leading the blind.

            Corbin23

            Found out it was just a server that was behaving abnormally. Rebooted the server and all is good  :-X

            Noticed it by looking through pfTop after logging into the console. Thanks for the help!

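One way to turn the packet capture suggested in the thread into a per-host byte count, as an added example that is not code from any of the posters. It assumes the capture was saved as text from `tcpdump -nn -q`; the sample lines, the addresses and the function name `top_talkers` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn -q` text output. Addresses are private
# and documentation ranges chosen for illustration, not taken from the thread.
SAMPLE = """\
12:00:01.000100 IP 192.168.1.50.445 > 203.0.113.9.51000: tcp 1448
12:00:01.000200 IP 192.168.1.50.445 > 203.0.113.9.51000: tcp 1448
12:00:01.000300 IP 192.168.1.23.51514 > 198.51.100.7.443: tcp 0
12:00:01.000400 IP 192.168.1.23.40000 > 192.168.1.1.53: UDP, length 45
12:00:01.000500 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
12:00:01.000600 IP 203.0.113.9.51000 > 192.168.1.50.445: tcp 0
12:00:01.000700 IP 192.168.1.50.445 > 203.0.113.9.51000: tcp 1200
"""

# Matches IPv4 TCP/UDP lines as printed with -q; the trailing ".port" is
# dropped so traffic is grouped per host rather than per socket.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?:tcp (?P<tcp>\d+)|UDP, length (?P<udp>\d+))"
)


def top_talkers(text, n=5):
    """Return (top source hosts, top src->dst pairs, skipped line count).

    Byte counts are payload lengths as reported by tcpdump, so they
    undercount on-wire usage slightly but still rank senders correctly.
    """
    hosts, pairs, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            skipped += 1  # ARP, ICMP, IPv6, etc.: counted so nothing is hidden
            continue
        size = int(m["tcp"] or m["udp"])
        hosts[m["src"]] += size
        pairs[(m["src"], m["dst"])] += size
    return hosts.most_common(n), pairs.most_common(n), skipped


if __name__ == "__main__":
    hosts, pairs, skipped = top_talkers(SAMPLE)
    for ip, size in hosts:
        print(f"{ip:15} {size:>8} bytes sent")
    for (src, dst), size in pairs:
        print(f"{src} -> {dst}: {size} bytes")
    print(f"{skipped} line(s) not parsed")
```

A large skipped count means the bandwidth may be in traffic this pattern does not cover (IPv6, ICMP, non-IP frames), which is worth checking when the traffic graph shows no IP accounting for the load.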
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.