I'm running m0n0wall in CD+FDD configuration. m0n0wall is connected to
cable modem via ethernet adapter, second adapter is connected to LAN via
two switches (they are working in uplink mode). Few days ago I've
noticed heavy traffic on switch port connected to turned off computer.
I've checked network with ethereal and saw lots ACK and some pop3
sessions (but not traffic related to torrent) between router and one of
the workstations (win xp sp2). Ethereal was running on FreeBSD machine
on yet another port (besides those I normally use). AFAIK according to
IPs those packets shouldn't be seen by every machine on the network. I
tried switching off switches to clean they ARP caches, rebooting
m0n0wall and workstations and still problem persist. Is it m0n0wall
related or I should suspect security breach in my network?