Netgate SG-1000 microFirewall

Author Topic: monitoring local traffic?  (Read 204 times)

0 Members and 1 Guest are viewing this topic.

Offline ILLCOMM

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
monitoring local traffic?
« on: January 28, 2018, 07:38:00 pm »
As a cord cutter I bought a product to capture and stream local broadcast channels across my network: https://www.airtv.net/products/airtv/

It works. :)

I am trying to "see" the traffic that AirTV is sending across the network, in this case to a FireTV which is streaming the content (via SlingTV app which integrates with AirTV).

Using iftop or pftop I don't see the traffic coming from my AirTV ip and going to my FireTV ip.

I am no expert, so I am assuming that this LAN traffic is happening on some sort of protocol that iftop or pftop don't capture and I don't understand. Was hoping someone could help me see this traffic. I am getting some intermittent stuttering in the stream and am trying to figure out root cause and think this might help.

TIA!

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1204
  • Karma: +53/-11
    • View Profile
Re: monitoring local traffic?
« Reply #1 on: January 28, 2018, 08:22:37 pm »
How are you trying to see the traffic?  PfSense includes Packet Capture, but it will only capture traffic that actually reaches it.  With switches, most of the traffic passes only between the source and destination, so unless it's broadcast or multicast, pfSense will not likely see it, unless it's actually passing through pfSense.  What I have done is I bought a cheap managed switch, which I configured for port mirroring.  With this, I connect a computer running Wireshark to port one and one side of the connection I want to monitor on port 2, with the other side of the connection through any other port.  This way, I can monitor all traffic between a device and the switch.  If your network is built around a managed switch, you should be able to set up port mirroring with it.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9817
  • Karma: +1107/-311
    • View Profile
Re: monitoring local traffic?
« Reply #2 on: January 28, 2018, 08:23:09 pm »
What he said.

LAN traffic is probably happening on LAN and the firewall (A router, not involved in delivering same-subnet traffic) is not seeing the traffic at all.

You'll probably need to create a SPAN/monitor port on your switch and capture there.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline ILLCOMM

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: monitoring local traffic?
« Reply #3 on: January 30, 2018, 02:17:07 pm »
Thank you both. This was the "not an expert" qualification, although this seems pretty basic so I am embarrassed! It would appear that this traffic is simply between source and dest and pfSense isn't seeing anything.

I don't have a managed switch, though will be getting one soon to set up VLANs. Maybe I can try again then.