High Traffic on Layer 2 Interface without IP - ntopng

pfnewb2016
« on: January 08, 2018, 10:08:37 pm »
I am trying to determine traffic usage by IP across 3 VLANs.  Initially it looked like WAN Traffic exceeded Host traffic by 24GB.  After checking again I found 24GB of usage for a physical interface without an IP.  This is confusing for several reasons.

1. A physical interface without an IP shouldn't be able to access the internet.
2. Why would pfsense/ntop use 24GB in 5 days?

SG-2440
pfsense 2.42
ntopng v3.0.171218

cellular router 172.16.100.1
   |
   |
igb0 WAN / 172.16.100.2
igb1 LAN / 10.1.1.1
igb2 OPT1 / no IP
igb2.10 / 10.4.10.1 MGMT
igb2.20 / 10.4.20.1 WIFIGUEST
igb2.30 / 10.4.30.1 WIFISTAFF

Traffic Totals (from Host Tables)
igb0 WAN    26GB
igb1 LAN    0
igb2 OPT1   0
igb2.10     1GB
igb2.20     0
igb2.30     1GB

Host traffic = 2GB vs WAN traffic 24GB, doesn't add up.  More checking, I found:

Layer 2 Devices: MAC of igb2 = 24GB Traffic. 
Traffic for WAN vs Host + Layer 2 are now equal but how, why?

Possibly unrelated, I suspected a webcam as the cause of the traffic.  Searching for the webcam host in ntop returns host 10.4.10.251 cannot be found and has probably expired.  This happens while I'm connected to the webcam and I can confirm it's regularly uploading.

Thanks for your help.