0

I have some issues with a third party to establish a VPN connection. To debug it, I made a packet capture on the device that represents our synchronous DSL line. The solution I'm using is an old pfsense-1.2.3 and I've initiated the capture using the web-interface "Diagnostics->Package Capture". I've been viewing the result in wireshark.

Now my question is: when doing such a package capture, are those packages really taken from the network stack, that is after processing firewall rules and routing?

Or to rephrase it: does getting a package in a package capture represent a guarantee that this package has been send on the interface captured and thus left my router on the SDSL-line?

I'm asking since I have no response package at all in my capture. The third party claimed to see no traffic hitting them. Now I'm wondering if there is still some potential error on my side or if having packages with the remote gateway as destination in my logs is prove that such packages have left using the synchronous DSL line.

noamik
  • 163
  • 1
  • 2
  • 10
  • I guess http://serverfault.com/questions/163811/pfsense-possible-to-traffic-capture-the-actual-wan-port more or less answers my question. – noamik Jun 07 '13 at 13:43

1 Answers1

2

It shows what's on the wire on that NIC. Only exception to that being checksums if hardware checksum offloading is enabled, egress packets will have null checksums in that case.

Chris Buechler
  • 2,938
  • 14
  • 18