Hi,
I have two FreeBSD 5.4-stable i386 boxes running PF in the typical
failover configuration: one external interface, one internal, one
sync. I also have softflowd running on the internal interface of both
systems, to capture traffic flow information.
About a week and a half ago, I started seeing massive bandwidth spikes
via softflowd. Oddly enough, these are coming from one of the sync
interfaces (192.168.0.1) and going to 224.0.0.240.
So, my questions are:
a) should I be seeing multicast traffic from the sync interface on the
internal network?
b) why would these spikes be occuring all of a sudden? Our change
control system shows that nothing has been done other than opening
ports 80 and 443 to a couple of IP addresses. Any thoughts on where
to check?
==ml
--
Michael W. Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/
"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur
